
Risk Assessment & Control Mapping for After-Hours Access
N.B. Provide sample SQL/logic snippets only as pseudocode if real code is unavailable. Attach any existing control matrices to accelerate mapping.
Prompt Template
Conduct a focused risk assessment for after-hours access at [FacilityType] sites in [Region], mapping threats to controls and residual risk in line with [Standard]. Identify misuse scenarios (shared badges, tailgating, door props, off-hours vendor access, clock drift), evaluate likelihood/impact, and document existing preventive/detective controls. Incorporate a defined [RiskAppetite] threshold and propose treatments (technical, procedural, contractual).
Output format:
Context & Assumptions (100–150 words)
Risk Register (Markdown table: Scenario | Inherent Likelihood 1–5 | Inherent Impact 1–5 | Existing Controls | Control Effectiveness 1–5 | Residual Risk 1–5 | Owner | Target Date)
Control Map (table: Control | Type [Preventive/Detective/Corrective] | Evidence | Frequency | Owner)
Heatmap Narrative (≤150 words) with prioritised top 5 risks and justifications within [TimeWindow].
Conclude with a decision request list (budget, policy changes, tooling).