(515) 865-4591

Package 6: Risk Assessment Bundle Complete package with Policies

Our templates are created based on best practices and standards for Risk Assessment. The complete package has Risk Assessment guidelines, matrix, templates, forms, worksheets, policies, procedures, methodologies, tools, information on free resources, and standards. Our risk assessment templates will help you to comply with the following regulations and standards like HIPAA, FDA, SOX, FISMA, COOP & COG, FFIEC, Basel II, and ISO 27002. Following the Risk assessment templates package is available to suit your needs.

These templates can be used by Healthcare organizations, IT departments of different companies, security consulting companies, manufacturing companies, service companies, financial institutions, educational organizations, law firms, pharmaceuticals & biotechnology companies, telecommunication companies, and others.

Feel free to request a sample before buying.

List of documents in this Risk Assessment templates package:

Cost: $195
Buy Risk Assessment Templates Package Now

Conducting a Risk Assessment Guide


The intention of this document is to help the business conduct a Risk Assessment, which identifies current risks and threats to the business and implement measures to eliminate or reduce those potential risks.  This document provides guidance on how to conduct the Risk Assessment, analyze the information that is collected, and implement strategies that will allow the business to manage the risk.  The following documents are available to help the business complete the assessment:

  • Risk Assessment Template
  • Risk Assessment Worksheet
  • Facility RA Findings Report
  • Executive RA Findings Report
  • Examples of Preventative Measures

The Risk Assessment is only part one of an overall Business Assessment.  A Business Assessment is separated into two constituents, Risk Assessment and Business Impact Analysis (BIA).  The Risk Assessment is intended to measure present vulnerabilities to the business’s environment, while the Business Impact Analysis evaluates probable loss that could result during a disaster.  To maximize the Risk Assessment, a Business Impact Analysis should also be completed.

Table of Contents of Conducting a Risk Assessment




Objectives of the Risk Assessment
Risk Assessment Process
What Should Be Included?
Steps to Follow


Identifying Risks / Threats
Probability of Occurrence
Vulnerability to Risk
Potential Impact
Preventative Measures in Place
Insurance Coverage
Past Experiences


Review Interview Notes
Follow-Up Meetings
Report the Results


Creation of Executive Report
Presenting the Results
Next Steps


Senior Management Support
Effective Data Gathering Tools
Key Resources
Critical Data
Executive Report


Appendix A:  Risk Assessment Survey
Appendix B:  Risk Assessment Worksheet
Appendix C:  Facility Risk Assessment Report
Appendix D:  Executive Risk Assessment Report
Appendix E:  Examples of Preventative Measures

Risk Assessment Template


Due to HIPAA Security Rule regulations, your organization must implement Contingency Planning Practices to ensure the protection of ePHI (electronic Protected Health Information).  In order to accomplish this undertaking, there are several steps that your organization will be completed to identify critical business functions, processes, and applications that process ePHI and to understand the potential impact to the business if a disruptive event occurred.

One of the first steps of implementing the Contingency Program for your organization is to conduct a Risk Assessment (RA).  This questionnaire will help you to identify the current risks and threats to the business and implement measures to eliminate or reduce those potential risks.   Once the survey is completed, the RA Project team will analyze the data and create prioritized risk reduction (mitigation) strategies to present to senior management.

Table of Contents of Risk Assessment Template



Respondent Information
Company Information


Facility Related
Technology Related


Natural Risks / Threats
Man-Made Risks / Threats


Environment Risks / Threats
Facility Risks / Threat


Hazardous Materials
Fire Containment
Emergency Notification, Evacuations, Alarms & Exits
Facility Features, Security,  & Access
Data Center (Technologies)

Preventative Measures

The following list contains examples of preventative measures that can be implemented by the company to mitigate the potential risks that currently exist.   Some of these activities may be achieved easily, as to where some may take more time and more resources.

Natural Risks

These risks are usually associated with weather-related events:  flooding, high winds, severe storms, tornado, hurricanes, fire, high winds, snowstorms, and ice storms.

Risk / Threat

Preventative Measures


  • Move large and heavy objects to the fall to prevent injury (from falling on people.)
  • Equipment tie-downs are used on all critical computer equipment.
  • Emergency power is available on-site.
  • Earthquake construction guidelines have been adhered to so that damage can be minimized.
  • Critical data and vital records should be backed up and sent offsite for storage.
  • Staff should be trained in Earthquake evacuations and safety.

Man-Made Risks

These risks are usually associated with man-made types of events:  Bomb threats, vandalism, terrorism, civil disorder, sabotage, hazardous waste, work stoppage (internal/external), and computer crime.

Risk / Threat

Preventative Measures

Staff Productivity Risks

  • Alternate sources of trained employees have been identified
  • Proper training and necessary cross-training are conducted
  • Files are backed up and procedures are documented
  • The work areas are comfortable and safe

Environmental Risks

These risks are usually associated with exposures from surrounding facilities, businesses, government agencies, etc.

Risk / Threat

Preventative Measures

Hazardous Materials Plant


  • There is a nightly backup of data processing electronic record and that backup is stored off-site
  • The off-site backup facility is a sufficient distance away from this facility
  • An alternate site has been identified for use in the event that this facility is unusable

Final Facility Risk Assessment Report Template w/ charts

<Enter Facility Name>
Address of Location:
Participant: Date of Report:

The interview was conducted by <Enter the Name of Person(s) conducting interviews> on <Enter Month, Day, and Year>.

Overview of Facility Business Operations

The <Name of Facility> is responsible for <enter overview of all business operations that are conducted at this site. (Identify if the facility provides patient care.)

The previous Disruption Experiences

  • <Enter any previous disruption experiences and details of incident>
  • <Enter any previous disruption experiences and details of incident>
  • <Enter any previous disruption experiences and details of incident>

Risks & Vulnerabilities

Natural Risks

These risks are usually associated with weather-related events:  flooding, high winds, severe storms, tornado, hurricanes, fires, high winds, snowstorms, and ice storms. In each RA Survey, the facilities manager was asked to identify potential natural risks and rate the severity of each.

<Enter Chart using the template on the Natural Risks tab in the Executive Report Charts located in the appendix.>

Summary of Natural Risks

For the location of this facility and historical weather patterns, it has been stated that <Enter top 3 – 5 Natural Risks> pose the biggest threat. <Add additional comments if necessary.>

How the risk ranking was determined:  Overall Risk = Probability * Severity (Magnitude – Mitigation)





Overall Risk







Flood / Flash Flooding


Hurricane / Tropical Storm


Ice Storms




Severe Thunderstorms






Risk Assessment Policy


The Risk Assessment (RA) Policy document establishes the activities that need to be carried out by each Business Unit, Technology Unit, and Corporate Unit (departments) within the organization.

All departments must utilize this methodology to identify current risks and threats to the business and implement measures to eliminate or reduce those potential risks.

Table of Contents for Risk Assessment Policy



A. Purpose
B.  Scope
C.  Ownership Roles & Responsibilities
D. Review Process
E. Reporting Process
F. Update Frequency and Annual Review
G. Approval


A. RA Completion
B.  Risks and Threats Identification
C.  Probability of Occurrence
D.  Vulnerability to Risk
E.  Potential Impact of Risk
F.  Preventative Measures
G.  Insurance Coverage
H.  Previous Disruptions


A.  Overall Facility Risk
B.  Communication
C.  Retention of RA Survey


Appendix A – Risk Assessment Standards

To view a specific section of this document, please contact us at Bob@training-hipaa.net or call us at (515) 865-4591.

Business Impact Analysis (BIA) Template Packages

Risk Assessment (RA) Template Packages

Data Center Recovery Template Packages

Business Continuity Plan (BCP) & Disaster Recovery Plan (DRP) Template Packages

Complete Business Contingency Plan Templates Suit Including BIA, RA, BCP, DRP, Revision & Testing plans


View license agreement

Note: We offer 7 days money-back guarantee to all USA companies with more than 50 employees only. Consulting companies/consultants/business associates are NOT eligible for this offer. Individuals from the USA are NOT eligible for refunds when they buy the product in their own name and NO company information is used. Corporate email is required for the refund of companies.

Companies who purchased templates without seeing samples and you are dissatisfied with our product, will receive a full refund if you cancel your purchase&return the product within 7 days of buying the templates. You will not receive the refund after you have requested sample documents and have decided to buy templates after it.

Refund And Cancellation Policy

Risk Assessment Bundle Complete package with Policies

Rated 4.8/5 based on 147 reviews