SID-ORG-03 — Risk Management Framework

| Property | Value |
|---|---|
| Status | to_do |
| Owner | operator |
| Category | process |
| CSF Function | identify |
| Group | Governance and Policy Controls |

Description
Operate a risk management framework per EN 319 401 and ISO 31000.
Maintain a risk register mapped to CIR 2024/2981 Annex 1. Conduct risk
assessments at least annually and after significant changes. Include
threat intelligence from ENISA, national CSIRTs, and sector-specific
sources.

Audit Findings

| Finding | Severity | Status |
|---|---|---|
| ISO-O-9 — Partial threat intelligence coverage | medium | open |