graphgrc

SCF - RSK-03 - Risk Identification

Mechanisms exist to identify and document risks, both internal and external.

Mapped framework controls

ISO 27001

• 6.1.2.c.1
• 6.1.2.c.2
• 6.1.2.c

ISO 27002

• A.5.8

SOC 2

• A1.2
• CC3.2
• CC7.2

Control questions

Does the organization identify and document risks, both internal and external?

This site is open source. Improve this page.