GV.RM-P: Risk Management Strategy
Description
The organization’s priorities, constraints, risk tolerances, and assumptions are established and used to support operational risk decisions.
Framework Subcategories
GV.RM-P1: Risk management processes are established, managed, and agreed to by organizational stakeholders
[csf.tools Note: Subcategories do not have detailed descriptions.] Note: This Privacy Framework Subcategory is identical to the Cybersecurity Framework Subcategory.
GV.RM-P2: Organizational risk tolerance is determined and clearly expressed
Note: This Privacy Framework Subcategory is identical to the Cybersecurity Framework Subcategory.
GV.RM-P3: The organization’s determination of risk tolerance is informed by its role(s) in the data processing ecosystem.