Number:  GoA.GCC-01
Creation Date:  2022-10-04
Category:  Risk Management
Effective Date:  2022-10-04
Version:  1.0
Last Reviewed:  2022-10-04
Security Classification:  Protected A
Scheduled Review Date:  2023-10-04
Status:  Approved


​​​​​​​​​​​​​​​​​​​​​​​This policy instrument defines the control objectives for identification, assessment, and management of cybersecurity risks (cyber risk) within the GoA. Cyber risk is managed through risk assessment, threat identification, vulnerability assessment, and documented processes for reporting and treating risk. This includes mitigation strategies that are monitored to maintain risk exposure within acceptable levels.​

Please note that information classified as Protected (per the Data and Information Security Classification standard) is only accessible to Government of Alberta Employees. External users are therefore not able to download this document. To request access, please contact us:

Keywords: risk management, threats, vulnerabilities, risk tolerance