10. Are there any constraints known that bear on the ability to perform IT security risk assessment work? How is the team addressing them?
<--- Score
11. Is IT security risk assessment currently on schedule according to the plan?
<--- Score
12. Has a team charter been developed and communicated?
<--- Score
13. Are approval levels defined for contracts and supplements to contracts?
<--- Score
14. Is scope creep really all bad news?
<--- Score
15. Are the IT security risk assessment requirements testable?
<--- Score
16. Do you have a IT security risk assessment success story or case study ready to tell and share?
<--- Score
17. Is IT security risk assessment linked to key stakeholder goals and objectives?
<--- Score
18. Is IT security risk assessment required?
<--- Score
19. What are (control) requirements for IT security risk assessment Information?
<--- Score
20. What was the context?
<--- Score
21. Are resources adequate for the scope?
<--- Score
22. What are the requirements for audit information?
<--- Score
23. Is there a clear IT security risk assessment case definition?
<--- Score
24. Is there a completed, verified, and validated high-level ‘as is’ (not ‘should be’ or ‘could be’) stakeholder process map?
<--- Score
25. Who are the IT security risk assessment improvement team members, including Management Leads and Coaches?
<--- Score
26. How does the IT security risk assessment manager ensure against scope creep?
<--- Score
27. Is the IT security risk assessment scope manageable?
<--- Score
28. What scope do you want your strategy to cover?
<--- Score
29. What key stakeholder process output measure(s) does IT security risk assessment leverage and how?
<--- Score
30. How have you defined all IT security risk assessment requirements first?
<--- Score
31. Is special IT security risk assessment user knowledge required?
<--- Score
32. What constraints exist that might impact the team?
<--- Score
33. Are customer(s) identified and segmented according to their different needs and requirements?
<--- Score
34. What sort of initial information to gather?
<--- Score
35. Are different versions of process maps needed to account for the different types of inputs?
<--- Score
36. How are consistent IT security risk assessment definitions important?
<--- Score
37. Has everyone on the team, including the team leaders, been properly trained?
<--- Score
38. Are the IT security risk assessment requirements complete?
<--- Score
39. How can the value of IT security risk assessment be defined?
<--- Score
40. What is in scope?
<--- Score
41. How do you think the partners involved in IT security risk assessment would have defined success?
<--- Score
42. Is the team equipped with available and reliable resources?
<--- Score
43. Who defines (or who defined) the rules and roles?
<--- Score
44. What are the compelling stakeholder reasons for embarking on IT security risk assessment?
<--- Score
45. What are the IT security risk assessment tasks and definitions?
<--- Score
46. Is the work to date meeting requirements?
<--- Score
47. Is the IT security risk assessment scope complete and appropriately sized?
<--- Score
48. What is out-of-scope initially?
<--- Score
49. How often are the team meetings?
<--- Score
50. Is there a completed SIPOC representation, describing the Suppliers, Inputs, Process, Outputs, and Customers?
<--- Score
51. What information do you gather?
<--- Score
52. How do you build the right business case?
<--- Score
53. Has a IT security risk assessment requirement not been met?
<--- Score
54. Have specific policy objectives been defined?
<--- Score
55. Are all requirements met?
<--- Score
56. What are the tasks and definitions?
<--- Score
57. Is there a IT security risk assessment management charter, including stakeholder case, problem and goal statements, scope, milestones, roles and responsibilities, communication plan?
<--- Score
58. Is data collected and displayed to better understand customer(s) critical needs and requirements.
<--- Score
59. When is the estimated completion date?
<--- Score
60. What is the context?
<--- Score
61. What is the scope of IT security risk assessment?
<--- Score
62. Is there any additional IT security risk assessment definition of success?
<--- Score
63. How do you catch IT security risk assessment definition inconsistencies?
<--- Score
64. Has a project plan, Gantt chart, or similar been developed/completed?
<--- Score
65. What are the record-keeping requirements of IT security risk assessment activities?
<--- Score