The Government identifies and assesses risks to the nation through the internal, classified National Security Risk Assessment, and the external National Risk Register, the most recent version of which was published in August.
As set out in the UK Government Resilience Framework, each risk in the National Security Risk Assessment is owned and managed within Lead Government Departments.
Where those risks, including national security risks, relate to the work of Defra, then they are managed through the department’s risk management processes. For example, in Defra, risk is reported quarterly to the Executive Committee and each of our principal risks is the subject of a rolling programme of deep dives. Our management of risks is in line with the principles outlined in the Government’s Orange Book.