For a number of years CERN has defined its major risks at the enterprise level in an Enterprise Risk Register which allows the top management to oversee and manage these top risks that could severely impact the on-going operation of CERN. In 2019 to complement this top down approach, CERN introduced a bottom up approach with the IT department as the first example. The resulting IT Risk Register defines the top risks from an IT perspective, as well as the measures taken to mitigate against them. This risk register is reviewed annually and updated accordingly.
The IT Risk Register is given below, but is currently accessible only to the members of the ITMM.