ID.GV-4
Governance and risk management processes address cybersecurity risks
Identify · Governance
Manual Attestation
Compliance Score
25%
Non-Compliant
Documentation Maturity
1 / 5
Target: 2.5
Implementation Maturity
1 / 5
Target: 2.5
Control Description
A risk management strategy is developed and implemented that considers cybersecurity risks alongside other business risks.
Findings (1)
0/1 items compliant
| Severity | Finding | Recommendation |
|---|---|---|
| high | Improvement needed: Governance and risk management processes address cybersecurity risks. Current implementation does not fully meet the requirements of ID.GV-4. | Establish a risk management process. Conduct a cybersecurity risk assessment at least annually. Document risk appetite and tolerance levels. Integrate cyber risks into overall business risk management. |
Remediation Guidance
Establish a risk management process. Conduct a cybersecurity risk assessment at least annually. Document risk appetite and tolerance levels. Integrate cyber risks into overall business risk management.