rsk-04-riskassessment.md

SCF - RSK-04 - Risk Assessment

Mechanisms exist to conduct recurring assessments of risk that includes the likelihood and magnitude of harm, from unauthorized access, use, disclosure, disruption, modification or destruction of the organization's systems and data.

Mapped framework controls

GDPR

• Art 35.11
• Art 35.1
• Art 35.2
• Art 35.3
• Art 35.7
• Art 35.8
• Art 35.9

ISO 27001

• 6.1.2.d.1
• 6.1.2.d.2
• 6.1.2.d.3
• 6.1.2.d
• 6.1.2.e.1
• 6.1.2.e.2
• 6.1.2.e
• 8.2

ISO 27002

• A.5.8
• A.7.5

NIST 800-53

• RA-3

SOC 2

• A1.2
• CC3.2
• CC7.3

Control questions

Does the organization conduct recurring assessments of risk that includes the likelihood and magnitude of harm, from unauthorized access, use, disclosure, disruption, modification or destruction of the organization's systems and data?