Governance for the cyber risk management program is established and maintained
Context and Guidance: The organisation may establish a higher-level risk officer position that provides oversight of risk management, or assign the responsibility to someone with sufficient authority in the organisation. The officer would be responsible for sponsoring and overseeing the policies and procedures for cyber risk management activities. Other responsibilities may include ensuring feedback loops are in place to evaluate the performance of activities, or reporting to high-level managers on adherence to compliance obligations.
Related Practices • Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: RISK-1d, RISK-1e, RISK-1f.