Mechanisms exist to define organizational risk threshold, the level of risk exposure above which risks are addressed and below which risks may be accepted.
Control Question
Assessment question for control validation
Does the organization define organizational risk threshold, the level of risk exposure above which risks are addressed and below which risks may be accepted?
Supply Chain Risk Management (SCRM) Tiers
Applicable SCRM tier levels for this control
Tier 1 - Strategic
Tier 2 - Operational
Tier 3 - Tactical
Core Control Designations
Special designations and baseline inclusions
MAD: RSK-01.4
ESP Level 1: RSK-01.4
ESP Level 2: RSK-01.4
ESP Level 3: RSK-01.4