07-30-2019 01:27 AM
Hi,
I am not sure I understand what the difference is between, on one side:
Policy > Policy statements > Controls
And on the other side:
Risk framework > Risk statement > Risk
Thanks for helping!
M
07-30-2019 06:27 AM
Hi,
Policy statements are the rules defined to govern a process. For example, a policy statement might state that you should not tailgate to enter office buildings, and in order to make sure everyone is following this policy we need to define control measures like sending warning messages or escalating to the immediate supervisor, etc. The Policy module will define the required policies to govern the process effectively.
The Risk Framework will deal with the risks which might occur due to the adoption of a policy. For example, if you want to consult outsourcing to develop a tool for an internal process, then possible risks are exposing our internal processes and policies. Though you have defined controls to make sure it is not happening, there is still a chance that the risk might occur. So the Risk Framework will drive how we handle the risks (mitigate, accept, reject, etc.), which might be direct or indirect results of policies or procedures adopted internally.
08-01-2019 12:47 AM
Thank you, that's clear as water.
08-19-2022 03:00 AM
The dangers that could result from the adoption of a policy will be addressed by the risk framework. A possible danger, for instance, is disclosing our own procedures and policies if you wish to seek outsourcing to create an internal tool. Even though you have established controls to make sure it doesn't happen, there is still a potential that the risk could materialise with qr code menu. Therefore, the Risk Framework will determine how we handle risks (mitigate, accept, reject, etc.), which may be a direct or indirect effect of internal rules or procedures.