CISOBot - Your AI CISO Assistant

PRM-06

Business Process Definition

Weight: 7/10

Description

Mechanisms exist to define business processes with consideration for cybersecurity and data protection that determines: (1) The resulting risk to organizational operations, assets, individuals and other organizations; and (2) Information protection needs arising from the defined business processes and revises the processes as necessary, until an achievable set of protection needs is obtained.

Control Question

Does the organization define business processes with consideration for cybersecurity and data protection that determines: (1) The resulting risk to organizational operations, assets, individuals and other organizations; and (2) Information protection needs arising from the defined business processes and revises the processes as necessary, until an achievable set of protection needs is obtained?

Control Metadata

Domain: Project & Resource Management

Validation Cadence: Annual

Evidence Request List: E-PRM-03

Framework Mappings

This control maps to the following compliance frameworks:

MAS TRM: 5.5.1, 5.5.2
