Risk Assessment Policy and Procedures

class

Management

family

Risk Assessment

number

RA-1

priority

P1

impact

LOW_MODERATE_HIGH

The organization develops, disseminates, and reviews/updates [ Assignment: organization-defined frequency ]: A formal, documented risk assessment policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and Formal, documented procedures to facilitate the implementation of the risk assessment policy and associated risk assessment controls.

Comments