Process for initiating, updating and completing a Statement of Sensitivity (SoS). The SoS acts as a Memorandum of Understanding between the sector information security function and the business unit. It helps the business unit or application owner identify the safeguards required to meet the Confidentiality, Integrity and Availability (CIA triad) requirements. It is also used to activate other risk-based processes, such as a Security Threat and Risk Assessment (STRA) and/or Privacy Impact Assessment (PIA).
This process can be a precursor to a STRA.