O365 Shared Tenant Hazard Log


Hazard identification is undertaken using a Structured ‘What If’ (SWIFT) method which assesses the potential failure modes of each core component. The Initial Risk Rating (IRR) associated with each identified hazard is assessed considering any  existing  controls,  followed  by  a Residual  Risk  Rating (RRR)  with  any  additional  risk controls.

Document information and downloads

  • Hazard summary
  • H1 - Adverse system performance impacting communication and workflow
  • H2 - Disrupted communication and workflow due to NHSMail outage
  • H3 - Inability to conduct virtual consulations or remote meetings
  • H4 - Inability to send or receive emails and attachments
  • H5 - Breach or loss of confidential patient data during storage and transmission
  • H6 - Unable to access encrypted content
  • H7 - Unable to access NHSMail account
  • H8 - Unable to access shared mailbox
  • H9 - Guest and external users unable to access shared resources
  • H10 - Unable to administer user accounts
  • H11 - User does not routinely monitor their user/shared mailbox
  • H12 - Updating patient care records; user fails to update the patient care record or updates it with delay
  • H13 - Legitimate emails and attachments are quarantined and/or deleted (false positive)
  • H14 - NHS directory contains incorrect, missing, or duplicate entries
  • H15 - User does not maintain their calendar
  • H16 - User data fails to fully migrate
  • H17 - Accessing third-party (federated) applications
  • H18 - The appointment scheduler is unavailable or inaccessible
  • H19 - Patient does not receive appointment invite
  • H20 - User cannot access Microsoft O365 applications or features
  • Hazard assessment criteria

File type Adobe Acrobat Portable Document Format (.pdf)
File size 903 KB

Last Reviewed Date 29/04/2024
Updated on 29/04/2024

Related Articles

Need Support?
Can’t find the answer you’re looking for? Don’t worry we’re here to help!
Contact Support
back to top