graphgrc

SCF - RSK-01.1 - Risk Framing

Mechanisms exist to identify:

• Assumptions affecting risk assessments, risk response and risk monitoring;
• Constraints affecting risk assessments, risk response and risk monitoring;
• The organizational risk tolerance; and
• Priorities and trade-offs considered by the organization for managing risk.

  Mapped framework controls

  ISO 27001

• 6.1.2.a.1
• 6.1.2.a.2
• 6.1.2.a
• 6.1.2.b
• 6.1.2.c.1
• 6.1.2.c.2
• 6.1.2.c
• 6.1.2.d.1
• 6.1.2.d.2
• 6.1.2.d.3
• 6.1.2.d
• 6.1.2.e.1
• 6.1.2.e.2
• 6.1.2.e
• 6.1.2

ISO 27002

• A.5.8

SOC 2

• CC3.2

Control questions

Does the organization identify:

• Assumptions affecting risk assessments, risk response and risk monitoring;
• Constraints affecting risk assessments, risk response and risk monitoring;
• The organizational risk tolerance; and
• Priorities and trade-offs considered by the organization for managing risk?

This site is open source. Improve this page.