What Should I Do?
Determine the Assurance Level
A reference assessment table that illustrates the maximum impact that can be covered by different assurance levels is listed below. The potential degree of impact identified for a category is associated with an appropriate assurance level that can cover it. The highest assurance level resulting from this mapping exercise will be chosen as the overall assurance level of that particular service or transaction.
| Potential Impact | Maximum Impact that Can Be Covered By | |||
 |  |  |  | |
| Inconvenience, distress, or damage to standing or reputation | Low | Moderate | Moderate | High |
| Financial loss or legal liability | Low | Moderate | Moderate | High |
| Unauthorised release of personal and commercial data | No | Low | Moderate | High |
| Personal safety of any party | No | No | Low | Moderate |
| Civil or criminal violations | No | Low | Moderate | High |
For example, if all the ratings of the impact categories were found to be 'Low', then the service or transaction would require an overall Level 3 assurance. This is because the assurance Level 2 cannot cover even a 'Low Risk' in the category of 'Personal safety of any party'.
|