1.3.2—RMF Elements
Control Description
FRFIs should consider the following elements of risk management when establishing the technology and cyber RMF:
Accountability for technology and cyber risk management, including for relevant Oversight Functions;
Technology and cyber risk appetite and measurement (e.g., limits, thresholds and tolerance levels);
A technology and cyber risk taxonomy;
Control domains for technology and cyber security;
Policies, standards and processes governing technology and cyber risk, which are approved, regularly reviewed and consistently implemented enterprise-wide;
Processes for identifying, assessing, managing, monitoring and reporting on technology and cyber risks, including processes for managing exceptions;
Management of unique risks posed by emerging threats and technologies; and
Reporting to Senior Management on technology and cyber risk appetite measures, exposures and trends to inform the FRFI's current and emerging risk profile.
Please refer to OSFI's Corporate Governance Guideline for OSFI's expectations in relation to FRFI Oversight Functions, which include Risk Management, Compliance, and Internal Audit.