RSK-04

Risk Assessment

Weight: 10/10
Description

Mechanisms exist to conduct recurring assessments of risk that include the likelihood and magnitude of harm from unauthorized access, use, disclosure, disruption, modification or destruction of the organization's Technology Assets, Applications, Services and/or Data (TAASD).

Control Question

Does the organization conduct recurring assessments of risk that include the likelihood and magnitude of harm from unauthorized access, use, disclosure, disruption, modification or destruction of its Technology Assets, Applications, Services and/or Data (TAASD)?

Control Metadata
Domain: Risk Management

Validation Cadence: Annual

Evidence Request List: E-RSK-04

Framework Mappings

This control maps to the following compliance frameworks:

APRA CPS 230: 27(a), 27(b), 27(c), 28

MAS TRM: 4.1.4(b), 4.3.2

HKIA GL20: 1.1, 1.2, 1.3, 1.4, 1.5, 2.1, 2.2, 2.3
