Navigated to

Risk and vulnerability analysis

Once you know how sensitive the information to be processed is and when you plan how it will be managed within the project, you will need to conduct a risk and vulnerability analysis. This analysis describes likely threats linked to your information processing and how the risks should be managed in the project.


Use the template for risk and vulnerability analysis

A couple of common risks are the dissemination of personal data to unauthorised parties and that important information is destroyed or lost and cannot be recovered. During the risk analysis, you can see whether the planned management of information in the project minimises or completely avoids common risks and whether there are risks that require additional risk management measures.

Download the templates and read more about conducting a risk and vulnerability analysis on Aktum (UMU ID required)

Does your department have a general information classification?

If your department has already conducted a general information classification of information security, cybersecurity and data protection within your research field, much of the work has already been done for you. 

You can use the simplified information classification process in your research project based on the general information classification and by following the security measures the department found suitable and proportional in their risk assessment. This could be technical solutions and routines for protecting research data and minimise risks in your project.

Ask the head of your department if they have a "General information classification with security measures" for your research field.

Read more about the analysis model for information security, cyber security and data protection in research projects on Aktum (UMU ID required)

Training and courses in risk and vulnerability analysis

You can participate in a workshop where you learn to conduct information classification and risk and vulnerability analyses.

Find upcoming courses in EduAdmin

Do you have questions about research data?

The University has a cross-functional team that supports you with research data issues in areas such as archiving, legal affairs, IT support, open data, and information security. You can contact the research data support team using the following form:

Contact the research data support team if you have questions

Latest update: 2025-09-26

Read more about similar topics

Two signposts pointing in different directions.

Guide to managing research data

Brief chronological guide to managing research data, with further reading.

An i illustrating information.

Information classification

Manage data securely through doing an information classification.

Two people in discussion over a paper at a table.

Plan a project

Plan for information security, selecting IT services and writing agreements.