Navigated to

Risk and vulnerability analysis

Once you know how sensitive the information to be processed is and when you plan how it will be managed within the project, you will need to conduct a risk and vulnerability analysis. This analysis describes likely threats linked to your information processing and how the risks should be managed in the project.


Use the template for risk and vulnerability analysis

A couple of common risks are the dissemination of personal data to unauthorised parties and that important information is destroyed or lost and cannot be recovered. During the risk analysis, you can see whether the planned management of information in the project minimises or completely avoids common risks and whether there are risks that require additional risk management measures.

Download the templates and read more about conducting a risk and vulnerability analysis on Aktum (UMU ID required)

Check if your department has conducted an overall analysis

If your department has already conducted an overall analysis of information security, cybersecurity and data protection within your research field, much of the work has already been done for you. You can use the information classification and risk analysis that have already been conducted in the overall analysis when planning your project’s information and data management.

By following your department’s local instructions with a checklist for information security in the research field, you will be able to utilise the security measures that your department has identified in its analysis. This can be in the form of technical solutions and procedures to protect research data and minimise risks in the project. 

You can then use what is known as a simplified information classification of data collection to match and document the protection value of a particular data collection before you process or store data in information systems, such as IT systems, research infrastructures or repositories.

Ask your head of department if an overall analysis of information security, cybersecurity and data protection has been conducted by your department and request to receive the overall analysis and local information security instructions with a checklist for the research field.

Read more about the support model for analysing information security, cybersecurity and data protection in research projects on Aktum (UMU ID required)

Do you have questions about research data?

The University has a cross-functional team that supports you with research data issues in areas such as archiving, legal affairs, IT support, open data, and information security. You can contact the research data support team using the following form:

Contact the research data support team if you have questions

Latest update: 2025-06-05

Read more about similar topics

Illustration som föreställer en skylt med vägvisning

Guide to managing research data

Brief chronological guide to managing research data, with further reading.

An i illustration information.

Information classification

Manage data securely through doing an information classification.

Detalj på två personer som sitter vid ett bord med papper och pratar med varandra. För att illustrera samarbete, möte eller grupparbete.

Plan a project

Plan for information security, selecting IT services and writing agreements.