MOD: There is a documented process for escalating risks to, and beyond, the Senior Responsible Owner (SRO).

MOD: The project/programme/capability continually reviews how its potential supply chain presents security risks, opportunities and constraints.

MOD: The project/programme/capability understands the assets (refer to glossary), and can identify critical assets, that are in scope. Mechanisms are in place to review as the project/programme/capability matures.

MOD: The criticality level of loss of an asset is understood.

MOD: The relationship between assets and the business/mission objectives is understood.

MOD: The Authorisation Boundary (refer to glossary) is clearly defined and includes capabilities and organisations (MOD and other) that support the mission/business objectives of the project/programme/capability.

MOD: The Authorisation Boundary (refer to glossary) is agreed with the Senior Responsible Owners (SRO) of adjacent projects/programmes/capabilities.

MOD: The project/programme/capability has identified the types of information to be processed, stored, and transmitted by the capability.

MOD:-

MOD: The identified information types have been confirmed by the Information Asset Owners in accordance with JSP 441.