💼 CC3.2-9 Assesses the Significance of the Risks

Description

The entity assesses the significance of the identified risks, including (1) determining the criticality of system components, including information assets, in achieving the objectives; (2) assessing the susceptibility of the identified vulnerabilities to the identified threats; (3) assessing the likelihood of the identified risks; (4) assessing the magnitude of the effect of potential risks to the achievement of the objectives; (5) considering the potential effects of unidentified threats and vulnerabilities on the assessed risks; (6) developing risk mitigation strategies to address the assessed risks; and (7) evaluating the appropriateness of residual risk (including whether to accept, reduce, or share such risks).

Similar

  • Internal
    • ID: dec-c-9a076b24

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags