
RM-02 Risk Assessment

>Control Description

Organization management performs an annual risk assessment. Results from risk assessment activities are reviewed to prioritize mitigation of identified risks.

Theme: Process

Type: Detective

Policy/Standard: Risk Management Standard

>Implementation Guidance

1. Ensure that a Risk Management Standard is in place (see RM-01) that defines the requirements for the annual risk assessment.
2. Ensure that the results of the risk assessment are reviewed and that mitigation is performed in order of priority.
3. Any identified issue should have a corresponding risk treatment plan or corrective action plan in place. Each issue shall be tracked to completion.

>Testing Procedure

1. Validate that a Risk Management Standard is in place and defines the requirements for the annual risk assessment.
2. Validate evidence that the results of the risk assessment were reviewed and that identified risks were mitigated.
3. Validate that any identified issues were tracked to completion according to their corresponding risk treatment plan or corrective action plan.

>Audit Artifacts

E-RM-03
E-RM-04
E-RM-05

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
