Risk Sub-Controls
Introduction
A Risk Sub-Control is an individual measure taken to address a negative scenario that puts an Organization at Risk. Sub-Controls are critical in assessing the risk of an Information System.
Example: A network firewall is in place.
Each Sub-Control has an Implementation and Strength Rating to rate its effectiveness.
Risk Sub-Controls can be linked to Evidence compliance or outsourced to a Vendor Sub-Control. Updates to those resources automatically update the Risk Sub-Control.