Risk Assessment
Whisbi executes internal audits each six months generating a report that take into account the overall risk profile based on a Common Vulnerability Scoring System rating (CVSS – Common Vulnerability Scoring System SIG)
The below table provides the risk rating mapped to CVSS and our mitigation timescales objectives.
| Rating | CVSS score | Mitigation timescales |
| Critical | 9.0 – 10.0 | Mitigation schemes should be applied as soon as is operationally possible and take precedence over any scheduled changes |
| High | 7.0 – 8.9 | Mitigation schemes should be applied as soon as is operationally possible alongside any scheduled changes to be included in the next quarterly release |
| Medium | 4.0 – 6.9 | Fix in the next regular security release (bi-annual) |
| Low | 0.0 – 3.9 | Fix in service releases or new system designs |
| Informational |