Objectives of Risk Management Strategy
The organization’s priorities, constraints, risk tolerances, and assumptions are established and used to support operational risk decisions.
- ID.RM-1: Risk management processes are established, managed, and agreed to by organizational stakeholders
- ID.RM-2: Organizational risk tolerance is determined and clearly expressed
- ID.RM-3: The organization’s determination of risk tolerance is informed by its role in critical infrastructure and sector specific risk analysis