August 31, 2016

Risk Management Strategy (ID.RM)

Objectives of Risk Management Strategy

The organization’s priorities, constraints, risk tolerances, and assumptions are established and used to support operational risk decisions.

  • ID.RM-1: Risk management processes are established, managed, and agreed to by organizational stakeholders
  • ID.RM-2: Organizational risk tolerance is determined and clearly expressed
  • ID.RM-3: The organization’s determination of risk tolerance is informed by its role in critical infrastructure and sector specific risk analysis