Risk lifecycle

Below is the recommended cycle of events:

Figure 5.1 Lifecycle of risk analysis and management

The cycle above is repeated on a regular basis; once a year or every two years should suffice. Some regulations state or imply that it should be yearly, but the more common view, and the one an auditor would expect to see, is that the risk exercise is carried out at least every two years or whenever there are major changes in the perceived threats.

The steps are these:

Review threats with stakeholders to agree risk areas

Go through an exercise with stakeholders and, in particular, the functional departments to agree which areas of threat represent areas ...
