10.2.1The Risk Register is the record where the results of risk analysis, whether qualitative or quantitative, are logged including the mitigating measures and risk ownerships;
10.2.2The Licensed Person must maintain a risk register in the appropriate format with the following information at a minimum:
a)Risk Item;
b)Description of Risk Item;
c)Probability/ Likelihood;
d)Impact/ Consequence;
e)Risk Ranking;
f)Mitigation Measures;
g)Contingency Plan;
h)Risk Ownership; and
i)Deadlines for implementing mitigating measures.
10.2.3The Risk Register must be reviewed at least quarterly to ensure that it is updated with upcoming, relevant risks and appropriate mitigating measures; and
10.2.4Periodical reports on actions initiated to mitigate various risks must be submitted to the Board of Directors (or to the Owner/Partners where there is no Board of Directors).