PM-29: Risk Management Program Leadership Roles

Control Family:

Program Management

CSF v1.1 References:

PF v1.0 References:


  • Low


  • Moderate


  • High


  • Privacy


Info icon.

Control is new to this version of the control set.

Control Statement

  1. Appoint a Senior Accountable Official for Risk Management to align organizational information security and privacy management processes with strategic, operational, and budgetary planning processes; and
  2. Establish a Risk Executive (function) to view and analyze risk from an organization-wide perspective and ensure management of risk is consistent across the organization.

Supplemental Guidance

The senior accountable official for risk management leads the risk executive (function) in organization-wide risk management activities.