Operational risks that potentially affect services are identified.
Risks are analyzed to determine priority and importance.
Risks are evaluated against risk tolerances and criteria, and the potential impact of risk is characterized.
Risks are categorized and prioritized relative to risk parameters.
The strategy for disposition of each identified risk is established and maintained.
Risks to assets and services are addressed to prevent disruption of operational resilience.
Risk response plans are developed.
Risk strategies and response plans are implemented and monitored.
Information gathered from identified and realized risk is used to improve the operational resilience management system.
Protection strategies implemented to protect assets and services from risk are evaluated and updated as required based on risk information.
Passcode