Guidance on the Legacy IT Risk Assessment Framework



This guidance outlines the Legacy IT Risk Assessment Framework, a qualitative risk-based approach designed to evaluate the criticality of legacy-related risks across government entities. The framework has been developed in collaboration with departments. Drawing on established legacy frameworks and industry models, this self-assessment tool is tailored for use by public sector organisations. All ministerial departments have been integrated into the framework.

The framework is a standard mechanism for central government (the Central Digital & Data Office, CDDO) to gauge the technical health of legacy IT assets, enabling strategic allocation of focus and funding across the government's wider legacy estate. It ensures that remediation efforts are concentrated on the systems with the highest risk factors.

This document provides insight into the origins of the framework and gives comprehensive guidance to departments for accurate utilisation and interpretation of the risk assessment framework.

This guidance will help you to:

  • Assess both the impact and likelihood of a specific legacy IT system
  • Assess if that legacy IT system is considered ‘red-rated’
  • Apply best…
