It is important that the activity of submitting and updating methods and tools in this inventory is regulated by criteria that are clearly stated and well understood by any individuals or organizations submitting information about methodologies, tools and good practices. In particular, it is important to ensure that ENISA avoids ethical and legal consequences arising from any action taken by individuals or organizations as a result of information published on its Web site. The term “item” is used to describe methodologies, tools or good practices submitted by third parties concerning Risk Assessment (RA), Risk Management (RM), or both.
Declarations of interest
Before submitting an item to ENISA, an individual or organization must send ENISA a “declaration of interest”. This is a simple form that can be downloaded from the ENISA website. The content of the form is as follows:
- Whether the item is a methodology , tool or good practice guidance.
- A brief (250 words or less) description of the item concerned.
- Proof that the item is in actual use by providing references (organisations and/or projects) where the item has been deployed.
- A statement by the individual or organization that they either have legal rights over the item, or that they have written permission from the legal owner, or that the item is not covered by any form of copyright, patent or legal restriction as to its use.
- Written consent to all conditions for submission of items, as set out in section below and published on the ENISA Web site.
Acceptance criteria for declarations of interest
Upon receipt of a declaration of interest, ENISA will consider the submission in the light of the following criteria:
- Whether the item is in actual use.
- Whether the item described is clearly stated as either a methodology, or as tool or as good practice that will assist organizations in carrying out RA, RM or both.
- Whether the organization or individual submitting the declaration of interest is either the legal owner of the item, has permission from the legal owner, or the item is not covered by any form of copyright, patent or legal restriction as to its use.
- A witnessed signature by the submitter demonstrating consent to the following rules:
- Publication of an item by ENISA does not imply any form of endorsement by ENISA of the item’s quality, reliability or usefulness in practice;
- All information published on the ENISA Web site pertaining to an item is entirely the responsibility of the submitting organization or individual,
- ENISA will not be held liable for any damage, loss or incident consequent on the use of an item by a third party.
- On a regular annual basis, ENISA will update the inventory with available information (new submissions, update requests etc.). Submissions that are accepted within a notification period before the update activity, will be published.
- ENISA will be notified by the submitting organization or individual as soon as an item is withdrawn from use.
- The permission to publish the contact details of the individual or organization responsible for submitting and maintaining information concerning the item.
- The decision of ENISA to include or not include an item on its Web site is final.
If the declaration of interest fails to meet any or all of the criteria, the submitting organization or individual will be informed of the failure and the reasons will be explained. If the declaration of interest has failed as a result of insufficient information or incorrect completion of the form, the organization or individual may be invited to make a correction and re-submit.
Submission of an item
When ENISA has determined from the declaration of interest that an item meets all the criteria set out above, the submitting organization or individual will be asked to complete a template form. Separate forms will be provided for methodologies, tools and good practice.
The forms will specify the following minimum criteria:
Methodologies: Methodologies must supply a clear explanation of their underlying logic and demonstrate that they are in actual use.
Tools: Tools must clearly explain the underlying methodology and demonstrate that they are in actual use.
Good Practices: Good practices must explain to which standards, tools and/or methodologies they are applicable, how they are used and demonstrate that they are in actual use.
Acceptance and maintenance of an item
On receipt of the appropriate template, ENISA will consider if it meets the minimum criteria. If the template fails to meet the minimum criteria, the submitter or individual will be informed of the failure and the reasons will be explained. If the form has failed as a result of insufficient information or incorrect completion, the submitter may be invited to make appropriate corrections and re-submit.
Annually, or whenever significant changes to an item are made, the submitter must use the relevant form, published on the ENISA Web site, to submit updates to the item.
If an item is withdrawn from use, the submitter or individual must use the relevant form, published on the RMRA Web site, to notify ENISA of this fact.
Following forms are necessary for the procedure for the display, maintenance and removal of risk analysis and risk management methodologies, tools and good practice on the ENISA Web site and are also contained in the Download section.
- Application form for Methods
- Application form for Tools
- Application form for Best Practices
- Declaration of interest
- Item Update form
- Item Withdrawal form