SID-ORG-03 — Risk Management Framework
| Property | Value |
|---|---|
| Owner | operator |
| Category | process |
| CSF Function | identify |
| Group | Governance and Policy Controls |
Description
Operate a risk management framework per EN 319 401 and ISO 31000. Maintain a risk register mapped to CIR 2024/2981 Annex 1. Conduct risk assessments at least annually and after significant changes. Include threat intelligence from ENISA, national CSIRTs, and sector-specific sources.
Framework Requirements
EUDI Security Requirements: GEN-5-01, GEN-5-02, GEN-7.1.1-02
ISO 27001 Annex A: A.5.7