Reporting Requirements

After data on the risks and recommendations has been collected, the data needs to be included in a report. This report will then be presented to management. The primary purpose of the report is to allow management to decide on what recommendations to use.

There are four major categories of reporting requirements:

  • Presenting recommendations—These recommendations are the risk response recommendations.
  • Documenting management response to recommendations—Management can accept, modify, or defer any of the recommendations.
  • Documenting and tracking implementation of accepted recommendations—This process becomes the actual risk response plan.
  • Creating a POAM—The POAM tracks the risk response actions.

Presenting Recommendations ...
