Information from RISK domain activities is communicated to relevant stakeholders
Context and Guidance: The risk management program has procedures that define criteria such as the types of information that should be communicated to stakeholders, methods of communication, and triggers that would require escalation. As the organisation identifies, analyses, and responds to risks, stakeholders should receive updated information on the status of risks. These stakeholders may be internal or external to the organisation.
Related Practices • Information Sharing: This practice is part of a group of cross-domain practices that enable information sharing with organisational stakeholders. These include: THREAT-1i, THREAT-2h, THREAT-2k, RISK-1c1d, SITUATION-3a, SITUATION-3c, SITUATION-3d, SITUATION-3e, RESPONSE-2g, RESPONSE-3c, RESPONSE-3f. • Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: RISK-1d, RISK-1e.