Requirement

Risk management

Oh no! No description found. But not to worry. Read from Tasks below how to advance this topic.

Fulfill this requirement by completing the tasks below ->
Risk management
This requirement is part of the framework:  

Other requirements of the framework

No items found.
0
Risk management
No items found.
Risk management and leadership
Best practices
How to implement:
Risk management
This policy on
Risk management
provides a set concrete tasks you can complete to secure this topic. Follow these best practices to ensure compliance and strengthen your overall security posture.
Read below what concrete actions you can take to improve this ->
Risk management and leadership
Risk management
Frameworks that include requirements for this topic:
Lov om digital sikkerhet (Norge)
Sikkerhetsloven (Norge)
Säkerhetsskyddslagen (Sverige)
Cybersikkerhedsloven (Danmark)
CER Directive
Avviż Legali 71 tal-2025 (Malta)

How to improve security around this topic

In Cyberday, requirements and controls are mapped to universal tasks. A set of tasks in the same topic create a Policy, such as this one.

Here's a list of tasks that help you improve your information and cyber security related to
Risk management
Task name
Priority
Task completes
Complete these tasks to increase your compliance in this policy.
Critical
31 requirements
Creating and maintaining risk management framework -report
Critical
High
Normal
Low
6
requirements
Risk management and leadership
Risk management

Creating and maintaining risk management framework -report

This task helps you comply with the following requirements

Article 5: Governance and organisationDORA
Article 6: ICT risk management frameworkDORA
Article 29: Information security policy and measuresDORA simplified RMF
Risk management policy -report publishing, informing and maintenance
Critical
High
Normal
Low
2
requirements
Risk management and leadership
Risk management

Risk management policy -report publishing, informing and maintenance

This task helps you comply with the following requirements

GV.PO-01: Policy for managing cybersecurity risksNIST 2.0
GV.PO-02: Policy for managing cybersecurity risksNIST 2.0
Identification and documentation of cyber security risks
Critical
High
Normal
Low
70
requirements
Risk management and leadership
Risk management

Identification and documentation of cyber security risks

This task helps you comply with the following requirements

Članak 30.1.a: Politike analize rizika i sigurnosti informacijskih sustavaNIS2 Croatia
2.5: RiskienhallintaTiHL tietoturvavaatimukset
7 §: RiskienhallintaKyberturvallisuuslaki
1.4.1: Management of Information Security RisksTISAX
13 §: Tietoaineistojen ja tietojärjestelmien tietoturvallisuusTiHL
30 § 3.1°: L'analyse des risques et à la sécurité des systèmes d'informationNIS2 Belgium
30 § 5°: Analyse des risques et politique de sécurité de l'informationNIS2 Belgium
ID.RM-3: The organization’s determination of risk tolerance is informed by its role in critical infrastructure and sector specific risk analysis.CyberFundamentals
ID.GV-4: Governance and risk management processes address cybersecurity risks.CyberFundamentals
ID.RA-5: Threats, vulnerabilities, likelihoods, and impacts are used to determine riskCyberFundamentals
Risk management procedure -report publishing and maintenance
Critical
High
Normal
Low
80
requirements
Risk management and leadership
Risk management

Risk management procedure -report publishing and maintenance

This task helps you comply with the following requirements

Članak 30.1.a: Politike analize rizika i sigurnosti informacijskih sustavaNIS2 Croatia
2.5: RiskienhallintaTiHL tietoturvavaatimukset
8 §: Kyberturvallisuutta koskeva riskienhallinnan toimintamalli Kyberturvallisuuslaki
1.4.1: Management of Information Security RisksTISAX
30 § 1°: Gestion des risques et maîtrise des incidentsNIS2 Belgium
32: Responsabilité de l'encadrement supérieurNIS2 Belgium
30 § 3.1°: L'analyse des risques et à la sécurité des systèmes d'informationNIS2 Belgium
30 § 2°: Évaluation des risques et mesures de gestionNIS2 Belgium
1.1.2: Identify the organisation’s structures and processes for security managementNSM ICT-SP
1.1.3: Identify the organisation’s processes for ICT risk managementNSM ICT-SP
Risk assessment in technical documentation
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Risk management

Risk assessment in technical documentation

This task helps you comply with the following requirements

Article 13.4: Risk assessment in technical documentationCRA
Vulnerability management process
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Risk management

Vulnerability management process

This task helps you comply with the following requirements

Article 13.3: Documenting risk assessmentCRA
Updating the risk assessment
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Risk management

Updating the risk assessment

This task helps you comply with the following requirements

Article 13.3: Documenting risk assessmentCRA
Risk assessment of products
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Risk management

Risk assessment of products

This task helps you comply with the following requirements

Article 13.2: Risk assessmentCRA
Risk rating system for logical control systems
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Risk management

Risk rating system for logical control systems

This task helps you comply with the following requirements

No items found.
Defining the frequency and criteria for risk and vulnerability reassessment
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Risk management

Defining the frequency and criteria for risk and vulnerability reassessment

This task helps you comply with the following requirements

No items found.
Risk assessment background information for participants
Critical
High
Normal
Low
2
requirements
Risk management and leadership
Risk management

Risk assessment background information for participants

This task helps you comply with the following requirements

12.2: Risk assessment measuresCER
Taking risk management into account in strategic decision making process
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Risk management

Taking risk management into account in strategic decision making process

This task helps you comply with the following requirements

No items found.
Monitoring of risks
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Risk management

Monitoring of risks

This task helps you comply with the following requirements

No items found.
Assesment of residual risks (DORA)
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Risk management

Assesment of residual risks (DORA)

This task helps you comply with the following requirements

No items found.
Establishing risk tolerance level
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Risk management

Establishing risk tolerance level

This task helps you comply with the following requirements

No items found.
Security management process for ePHI
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Risk management

Security management process for ePHI

This task helps you comply with the following requirements

No items found.
Remediation plan for identified deficiencies
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Risk management

Remediation plan for identified deficiencies

This task helps you comply with the following requirements

12.5: Planul de măsuri pentru remedierea deficiențelorNIS2 Romania
Risk assessment for new acquisitions
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Risk management

Risk assessment for new acquisitions

This task helps you comply with the following requirements

§ 9-4.1: Myndighet til å fatte vedtak ved anskaffelser til skjermingsverdig informasjonssystem, objekt og infrastrukturSikkerhetsloven
Personnel clearance procedure
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Risk management

Personnel clearance procedure

This task helps you comply with the following requirements

§ 8-2: SikkerhetsklareringSikkerhetsloven
Managing security authorization
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Risk management

Managing security authorization

This task helps you comply with the following requirements

§ 8-10: Nedsettelse, suspensjon og tilbakekallelse av autorisasjonSikkerhetsloven
Personnel authorization procedure
Critical
High
Normal
Low
3
requirements
Risk management and leadership
Risk management

Personnel authorization procedure

This task helps you comply with the following requirements

§ 8-9: AutorisasjonSikkerhetsloven
§ 8-1.1: Krav om sikkerhetsklarering, adgangsklarering og autorisasjonSikkerhetsloven
§ 8-1.2: Krav om konfidensiell og kritisk sikkerhetsklareringSikkerhetsloven
Conduct and document a protective security analysis
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Risk management

Conduct and document a protective security analysis

This task helps you comply with the following requirements

§ 2.1: Skyldigheter för den som bedriver säkerhetskänslig verksamhetSSL
Procedure for security assessments in transfers of sensitive activities
Critical
High
Normal
Low
2
requirements
Risk management and leadership
Risk management

Procedure for security assessments in transfers of sensitive activities

This task helps you comply with the following requirements

§ 4.14: Säkerhetsbedömning för sekretessbelagd informationSSL
§ 4.9: LämplighetsprövningenSSL
Create and maintain a system architecture and risk assessment document
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Risk management

Create and maintain a system architecture and risk assessment document

This task helps you comply with the following requirements

13.4: Sikring af udsendelse af offentlige advarslerNIS2 Denmark
Conducting threat modeling
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Risk management

Conducting threat modeling

This task helps you comply with the following requirements

16.14: Conduct Threat ModelingCIS 18
Monitoring service providers
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Risk management

Monitoring service providers

This task helps you comply with the following requirements

15.6: Monitor Service ProvidersCIS 18
Assessing service providers
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Risk management

Assessing service providers

This task helps you comply with the following requirements

15.5: Assess Service ProvidersCIS 18
Evaluation of risk management strategy, results and performance
Critical
High
Normal
Low
3
requirements
Risk management and leadership
Risk management

Evaluation of risk management strategy, results and performance

This task helps you comply with the following requirements

GV.OV-03: Organizational cybersecurity risk management performanceNIST 2.0
GV.OV-01: Cybersecurity risk management strategy reviewNIST 2.0
GV.OV-02: Coverage of organization requirements in cybersecurity risk management strategyNIST 2.0
Strategic opportunities and positive risks
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Risk management

Strategic opportunities and positive risks

This task helps you comply with the following requirements

GV.RM-07: Strategic opportunities in organizational cybersecurity risk discussionsNIST 2.0
Creating and maintaining risk assessment framework
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Risk management

Creating and maintaining risk assessment framework

This task helps you comply with the following requirements

1.1.3: Identify the organisation’s processes for ICT risk managementNSM ICT-SP
Identification and assessment of risks based on the classification of data sets
Critical
High
Normal
Low
0
requirements
Risk management and leadership
Risk management

Identification and assessment of risks based on the classification of data sets

This task helps you comply with the following requirements

No items found.
Enabling asset-based risk management in the ISMS
Critical
High
Normal
Low
8
requirements
Risk management and leadership
Risk management

Enabling asset-based risk management in the ISMS

This task helps you comply with the following requirements

Article 8: IdentificationDORA
2.5: RiskienhallintaTiHL tietoturvavaatimukset
5.2.2: Seperation of testing and development environmentsTISAX
1.1.3: Identify the organisation’s processes for ICT risk managementNSM ICT-SP
Article 31: ICT risk managementDORA simplified RMF
11.7: Listei de active și riscuriNIS2 Romania
Assigning responsibility of ICT-risk management to appropriate function
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Risk management

Assigning responsibility of ICT-risk management to appropriate function

This task helps you comply with the following requirements

Article 6: ICT risk management frameworkDORA
Consideration of security-classified risks to information in risk management
Critical
High
Normal
Low
2
requirements
Risk management and leadership
Risk management

Consideration of security-classified risks to information in risk management

This task helps you comply with the following requirements

T-03: TIETOTURVALLISUUSRISKIEN HALLINTAKatakri 2020
Regular internal monitoring of the implementation of the information security management system
Critical
High
Normal
Low
41
requirements
Risk management and leadership
Risk management

Regular internal monitoring of the implementation of the information security management system

This task helps you comply with the following requirements

Članak 30.1.f: Politike i postupke za procjenu djelotvornosti mjera upravljanja kibernetičkim sigurnosnim rizicimaNIS2 Croatia
10 §: Johdon vastuuKyberturvallisuuslaki
9.1 §: Toimien vaikuttavuuden arviointiKyberturvallisuuslaki
1.2.1: Scope of Information Security managementTISAX
1.5.1: Assessment of policies and requirementsTISAX
30 § 3.6°: L'efficacité des mesures de gestion des risquesNIS2 Belgium
1.1.2: Identify the organisation’s structures and processes for security managementNSM ICT-SP
1.1.3: Identify the organisation’s processes for ICT risk managementNSM ICT-SP
14.5.7): Kibernetinio saugumo reikalavimų veiksmingumuiNIS2 Lithuania
Art. 23.2: Formazione in materia di sicurezza informaticaNIS2 Italy
Documentation of linked risks for identified security incidents
Critical
High
Normal
Low
28
requirements
Risk management and leadership
Risk management

Documentation of linked risks for identified security incidents

This task helps you comply with the following requirements

Članak 30.1.a: Politike analize rizika i sigurnosti informacijskih sustavaNIS2 Croatia
7 §: RiskienhallintaKyberturvallisuuslaki
30 § 3.1°: L'analyse des risques et à la sécurité des systèmes d'informationNIS2 Belgium
4.4.1: Identify experiences and lessons learnt from incidentsNSM ICT-SP
4.3.1: Identify extent and impact on business processesNSM ICT-SP
RS.AN-2: The impact of the incident is understood.CyberFundamentals
14.5.1): Kibernetinio saugumo politika ir rizikos analizėsNIS2 Lithuania
27.(a): Riska pārvaldība un informācijas sistēmu drošībaNIS2 Latvia
Art. 24.2.a: Politiche di analisi dei rischi e di sicurezza dei sistemi informativi e di reteNIS2 Italy
21.2.a: Risk management and information system securityNIS2
Luettelo salassa pidettävän tiedon käsittelyä edellyttävistä työtehtävistä
Critical
High
Normal
Low
4
requirements
Risk management and leadership
Risk management

Luettelo salassa pidettävän tiedon käsittelyä edellyttävistä työtehtävistä

This task helps you comply with the following requirements

T12: Tiedonsaantitarve ja käsittelyoikeudetKatakri
HAL-10: Henkilöstön luotettavuuden arviointiJulkri
T-13: TIEDONSAANTITARVE JA KÄSITTELYOIKEUDETKatakri 2020
I-06: VÄHIMPIEN OIKEUKSIEN PERIAATE – PÄÄSYOIKEUKSIEN HALLINNOINTIKatakri 2020
Yleiset muutostenhallintamenettelyt (ST IV-III)
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Risk management

Yleiset muutostenhallintamenettelyt (ST IV-III)

This task helps you comply with the following requirements

I20: MuutoshallintamenettelytKatakri
Yleiset muutostenhallintamenettelyt (ST II)
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Risk management

Yleiset muutostenhallintamenettelyt (ST II)

This task helps you comply with the following requirements

I20: MuutoshallintamenettelytKatakri
Evaluation process and documentation of significant security-related changes
Critical
High
Normal
Low
51
requirements
Risk management and leadership
Risk management

Evaluation process and documentation of significant security-related changes

This task helps you comply with the following requirements

Članak 30.1.a: Politike analize rizika i sigurnosti informacijskih sustavaNIS2 Croatia
7 §: RiskienhallintaKyberturvallisuuslaki
5.2.1: Change managementTISAX
30 § 3.1°: L'analyse des risques et à la sécurité des systèmes d'informationNIS2 Belgium
2.10.1: Include security in the organisation’s change management processNSM ICT-SP
2.10.2: Involve necessary ICT security staff when making changesNSM ICT-SP
3.3.2: Establish and maintain expertise on the desired state of the organisation’s information systemsNSM ICT-SP
PR.IP-3: Configuration change control processes are in place.CyberFundamentals
ID.GV-4: Governance and risk management processes address cybersecurity risks.CyberFundamentals
14.5.1): Kibernetinio saugumo politika ir rizikos analizėsNIS2 Lithuania
Treatment process and documentation of identified non-conformities
Critical
High
Normal
Low
27
requirements
Risk management and leadership
Risk management

Treatment process and documentation of identified non-conformities

This task helps you comply with the following requirements

1.5.1: Assessment of policies and requirementsTISAX
30 § 6°: Non-conformités et mesures correctivesNIS2 Belgium
I-11: MONITASOINEN SUOJAAMINEN – POIKKEAMIEN HAVAINNOINTIKYKY JA TOIPUMINENKatakri 2020
45.(3): Neatbilstības un koriģējošās darbībasNIS2 Latvia
Art 24.4: Non conformità e azioni correttiveNIS2 Italy
23: Häiriöiden- ja poikkeamienhallintaprosessiDigiturvan kokonaiskuvapalvelu
21.4: Non-conformities and corrective actionsNIS2
P8.1: Periodic monitoring of privacy complianceSOC 2
CC4.2: Evaluation and communication of internal control deficienciesSOC 2
10.2: Non-conformity and corrective actionISO 27001
Taking the results of risk management into account in audit procedures
Critical
High
Normal
Low
3
requirements
Risk management and leadership
Risk management

Taking the results of risk management into account in audit procedures

This task helps you comply with the following requirements

Article 6: ICT risk management frameworkDORA
1.4.1: Management of Information Security RisksTISAX
Consideration of risk management results in continuity planning
Critical
High
Normal
Low
7
requirements
Risk management and leadership
Risk management

Consideration of risk management results in continuity planning

This task helps you comply with the following requirements

29: Jatkuvuuteen liittyvien riskien arviointiDigiturvan kokonaiskuvapalvelu
30: Riskeihin perustuvat jatkuvuussuunnitelmatDigiturvan kokonaiskuvapalvelu
1.4.1: Management of Information Security RisksTISAX
28.(1): Kiberriska pārvaldības un nepārtrauktības plāniNIS2 Latvia
§ 10: Krav om sikkerhet for tilbydere av digitale tjenesterNIS2 NO
Practicing disaster plans
Critical
High
Normal
Low
2
requirements
Risk management and leadership
Risk management

Practicing disaster plans

This task helps you comply with the following requirements

§ 13.3: Beredskapsplanlegging og øvelserNIS2 NO
Process for including information security aspects in project management
Critical
High
Normal
Low
4
requirements
Risk management and leadership
Risk management

Process for including information security aspects in project management

This task helps you comply with the following requirements

6.1.5: Information security in project managementISO 27001
5.8: Information security in project managementISO 27001
1.2.3: Information Security requirements in projectsTISAX
Assessment of the impact and likelihood of the risks and the scales used
Critical
High
Normal
Low
12
requirements
Risk management and leadership
Risk management

Assessment of the impact and likelihood of the risks and the scales used

This task helps you comply with the following requirements

ID.RA-4: Impacts on businessNIST
Article 6: ICT risk management frameworkDORA
2.5: RiskienhallintaTiHL tietoturvavaatimukset
1.4.1: Management of Information Security RisksTISAX
ID.RA-04: Impacts and likelihoods of threatsNIST 2.0
ID.RA-05: Risk evaluationNIST 2.0
ID.RA-5: Threats, vulnerabilities, likelihoods, and impacts are used to determine riskCyberFundamentals
30 § 2°: Évaluation des risques et mesures de gestionNIS2 Belgium
Article 31: ICT risk managementDORA simplified RMF
12.1: Mesures de sécurité et gestion des risquesNIS2 Luxembourg
Approval of the risk management procedure description
Critical
High
Normal
Low
8
requirements
Risk management and leadership
Risk management

Approval of the risk management procedure description

This task helps you comply with the following requirements

ID.RM-1: Risk management processesNIST
14.5.2): Aukščiausiosios vadovybės atsakomybėNIS2 Lithuania
Article 6: ICT risk management frameworkDORA
1.4.1: Management of Information Security RisksTISAX
ID.RM-1: Risk management processes are established, managed, and agreed to by organizational stakeholders.CyberFundamentals
GV.RM-01: Establishing and agreeing on risk management objectives with stakeholdersNIST 2.0
32: Responsabilité de l'encadrement supérieurNIS2 Belgium
28.1: Top management commitmentNIS2 Ireland
Risk level accepted by the organization
Critical
High
Normal
Low
38
requirements
Risk management and leadership
Risk management

Risk level accepted by the organization

This task helps you comply with the following requirements

Članak 30.1.a: Politike analize rizika i sigurnosti informacijskih sustavaNIS2 Croatia
8 §: Kyberturvallisuutta koskeva riskienhallinnan toimintamalli Kyberturvallisuuslaki
30 § 3.1°: L'analyse des risques et à la sécurité des systèmes d'informationNIS2 Belgium
1.1.4: Identify the organisation’s tolerances for ICT riskNSM ICT-SP
1.1.2: Identify the organisation’s structures and processes for security managementNSM ICT-SP
4.4.2: Review identified compromised security measuresNSM ICT-SP
ID.RM-2: Organizational risk tolerance is determined and clearly expressed.CyberFundamentals
ID.RM-3: The organization’s determination of risk tolerance is informed by its role in critical infrastructure and sector specific risk analysis.CyberFundamentals
14.5.1): Kibernetinio saugumo politika ir rizikos analizėsNIS2 Lithuania
ID.RM-2: Risk toleranceNIST
Evaluation of the information security measures defined in the risk management phase
Critical
High
Normal
Low
5
requirements
Risk management and leadership
Risk management

Evaluation of the information security measures defined in the risk management phase

This task helps you comply with the following requirements

HAL-06: RiskienhallintaJulkri
RISK-4: Respond to Cyber RiskC2M2
CC5.1: Control activities for mitigation of risksSOC 2
1.4.1: Management of Information Security RisksTISAX
Article 31: ICT risk managementDORA simplified RMF
Legal risks related to the service
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Risk management

Legal risks related to the service

This task helps you comply with the following requirements

HAL-06.1: Riskienhallinta - lainsäädäntöjohdannaiset riskitJulkri
Fyysisen turvallisuuden riskien arviointi
Critical
High
Normal
Low
3
requirements
Risk management and leadership
Risk management

Fyysisen turvallisuuden riskien arviointi

This task helps you comply with the following requirements

FYY-01: Fyysisen turvallisuuden riskien arviointiJulkri
F-02: Fyysisten turvatoimien riskien arviointiKatakri 2020
8 §: Kyberturvallisuutta koskeva riskienhallinnan toimintamalli Kyberturvallisuuslaki
Muutoshallintamenettelyt tietojenkäsittely-ympäristöissä (TL IV)
Critical
High
Normal
Low
2
requirements
Risk management and leadership
Risk management

Muutoshallintamenettelyt tietojenkäsittely-ympäristöissä (TL IV)

This task helps you comply with the following requirements

TEK-17.3: MuutoshallintamenettelytJulkri
I-16: TURVALLISUUSLUOKITELLUN TIEDON KÄSITTELYYN LIITTYVÄN TIETOJENKÄSITTELY-YMPÄRISTÖN SUOJAUS KOKO ELINKAAREN AJAN – MUUTOSHALLINTAMENETTELYTKatakri 2020
Immediate reporting of critical risks to top management
Critical
High
Normal
Low
2
requirements
Risk management and leadership
Risk management

Immediate reporting of critical risks to top management

This task helps you comply with the following requirements

18: Kriittisten riskien raportointiDigiturvan kokonaiskuvapalvelu
1.1.3: Identify the organisation’s processes for ICT risk managementNSM ICT-SP
Monitoring the status of risk management
Critical
High
Normal
Low
9
requirements
Risk management and leadership
Risk management

Monitoring the status of risk management

This task helps you comply with the following requirements

14.5.2): Aukščiausiosios vadovybės atsakomybėNIS2 Lithuania
19: Riskienhallinan tilanteen seuraaminenDigiturvan kokonaiskuvapalvelu
CC5.1: Control activities for mitigation of risksSOC 2
Article 6: ICT risk management frameworkDORA
2.5: RiskienhallintaTiHL tietoturvavaatimukset
1.1.3: Identify the organisation’s processes for ICT risk managementNSM ICT-SP
32: Responsabilité de l'encadrement supérieurNIS2 Belgium
Article 31: ICT risk managementDORA simplified RMF
28.1: Top management commitmentNIS2 Ireland
Consideration of critical functions in risk management
Critical
High
Normal
Low
4
requirements
Risk management and leadership
Risk management

Consideration of critical functions in risk management

This task helps you comply with the following requirements

74: Kriittisten palveluiden riskien arviointi ja hallintaDigiturvan kokonaiskuvapalvelu
ID.BE-4: Dependencies and critical functions for delivery of critical services are established.CyberFundamentals
31: Besondere Anforderungen an die Risikomanagementmaßnahmen von Betreibern kritischer AnlagenNIS2 Germany
12.1: Risk assessmentsCER
Identification of risks endangering the continuity of operations and their handling plans
Critical
High
Normal
Low
2
requirements
Risk management and leadership
Risk management

Identification of risks endangering the continuity of operations and their handling plans

This task helps you comply with the following requirements

CC9.1: Treatment plans for business disruption risksSOC 2
28.(1): Kiberriska pārvaldības un nepārtrauktības plāniNIS2 Latvia
Consideration of information security goals in risk assessment
Critical
High
Normal
Low
3
requirements
Risk management and leadership
Risk management

Consideration of information security goals in risk assessment

This task helps you comply with the following requirements

CC5.1: Control activities for mitigation of risksSOC 2
30 § 2°: Évaluation des risques et mesures de gestionNIS2 Belgium
§ 7: RisikovurderingNIS2 NO
Segregation of tasks in information security risk management
Critical
High
Normal
Low
1
requirements
Risk management and leadership
Risk management

Segregation of tasks in information security risk management

This task helps you comply with the following requirements

CC5.1: Control activities for mitigation of risksSOC 2
Regular external auditing of security practices
Critical
High
Normal
Low
27
requirements
Risk management and leadership
Risk management

Regular external auditing of security practices

This task helps you comply with the following requirements

Članak 30.1.f: Politike i postupke za procjenu djelotvornosti mjera upravljanja kibernetičkim sigurnosnim rizicimaNIS2 Croatia
9.1 §: Toimien vaikuttavuuden arviointiKyberturvallisuuslaki
1.5.2: External review of ISMSTISAX
30 § 3.6°: L'efficacité des mesures de gestion des risquesNIS2 Belgium
14.5.7): Kibernetinio saugumo reikalavimų veiksmingumuiNIS2 Lithuania
ID.IM-01: Improvements from evaluationsNIST 2.0
Art. 24.2.f: Valutare l'efficacia delle misure di gestione del rischio di sicurezza informaticaNIS2 Italy
51: Tietoturvallisuuden auditointiDigiturvan kokonaiskuvapalvelu
21.2.f: Assessing effectiveness of security measuresNIS2
CC4.1: Evaluation of internal controlsSOC 2
Detection of non-compliance with the change management procedure
Critical
High
Normal
Low
4
requirements
Risk management and leadership
Risk management

Detection of non-compliance with the change management procedure

This task helps you comply with the following requirements

CC3.4: Identification and assesment of changesSOC 2
ID.IM-01: Improvements from evaluationsNIST 2.0
Rules for deviating from the change management procedure
Critical
High
Normal
Low
4
requirements
Risk management and leadership
Risk management

Rules for deviating from the change management procedure

This task helps you comply with the following requirements

CC3.4: Identification and assesment of changesSOC 2
5.2.1: Change managementTISAX
Regular communication of the general risk situation to the organization's management
Critical
High
Normal
Low
4
requirements
Risk management and leadership
Risk management

Regular communication of the general risk situation to the organization's management

This task helps you comply with the following requirements

17: Riskitilanteen raportointi johdolleDigiturvan kokonaiskuvapalvelu
CC3.2: Identification of risks related to objectivesSOC 2
1.1.4: Identify the organisation’s tolerances for ICT riskNSM ICT-SP
GV.RM-05: Communication lines for cybersecurity risks across the organizationNIST 2.0
Assessment of residual risks
Critical
High
Normal
Low
26
requirements
Risk management and leadership
Risk management

Assessment of residual risks

This task helps you comply with the following requirements

Članak 30.1.a: Politike analize rizika i sigurnosti informacijskih sustavaNIS2 Croatia
2.5: RiskienhallintaTiHL tietoturvavaatimukset
7 §: RiskienhallintaKyberturvallisuuslaki
30 § 3.1°: L'analyse des risques et à la sécurité des systèmes d'informationNIS2 Belgium
ID.GV-4: Governance and risk management processes address cybersecurity risks.CyberFundamentals
14.5.1): Kibernetinio saugumo politika ir rizikos analizėsNIS2 Lithuania
14.5.13): Kitus taikomus kibernetinio saugumo reikalavimusNIS2 Lithuania
27.(a): Riska pārvaldība un informācijas sistēmu drošībaNIS2 Latvia
Art. 24.2.a: Politiche di analisi dei rischi e di sicurezza dei sistemi informativi e di reteNIS2 Italy
20: Jäännösriskien arviointiDigiturvan kokonaiskuvapalvelu
Continuous improvement of the risk management process
Critical
High
Normal
Low
28
requirements
Risk management and leadership
Risk management

Continuous improvement of the risk management process

This task helps you comply with the following requirements

Članak 30.1.a: Politike analize rizika i sigurnosti informacijskih sustavaNIS2 Croatia
8 §: Kyberturvallisuutta koskeva riskienhallinnan toimintamalli Kyberturvallisuuslaki
1.4.1: Management of Information Security RisksTISAX
30 § 3.1°: L'analyse des risques et à la sécurité des systèmes d'informationNIS2 Belgium
ID.GV-4: Governance and risk management processes address cybersecurity risks.CyberFundamentals
14.5.1): Kibernetinio saugumo politika ir rizikos analizėsNIS2 Lithuania
Article 6: ICT risk management frameworkDORA
27.(a): Riska pārvaldība un informācijas sistēmu drošībaNIS2 Latvia
Article 31: ICT risk managementDORA simplified RMF
Art. 24.2.a: Politiche di analisi dei rischi e di sicurezza dei sistemi informativi e di reteNIS2 Italy
Consideration of partner risks in information security risk management
Critical
High
Normal
Low
5
requirements
Risk management and leadership
Risk management

Consideration of partner risks in information security risk management

This task helps you comply with the following requirements

CC9.2: Partner risk managementSOC 2
1.3.3: Use of approved external IT servicesTISAX
30 § 2°: Évaluation des risques et mesures de gestionNIS2 Belgium
19.2.i (ġestjoni tar-riskju): Ġestjoni tar-riskju minn ġewwaNIS2 Malta
12.1: Mesures de sécurité et gestion des risquesNIS2 Luxembourg
Complete these tasks in Cyberday ISMS ->

How to comply with this requirement

In Cyberday, requirements and controls are mapped to universal tasks. Each requirement is fulfilled with one or multiple tasks.

Here's a list of tasks that help you comply with the requirement
Risk management
of the framework  
Task name
Priority
Task completes
Complete these tasks to increase your compliance in this policy.
Critical
31 requirements
No other tasks found.
Complete these tasks in Cyberday ISMS ->

The ISMS component hierachy

When building an ISMS, it's important to understand the different levels of information hierarchy. Here's how Cyberday is structured.

Framework

Sets the overall compliance standard or regulation your organization needs to follow.

Requirements

Break down the framework into specific obligations that must be met.

Tasks

Concrete actions and activities your team carries out to satisfy each requirement.

Policies

Documented rules and practices that are created and maintained as a result of completing tasks.

Never duplicate effort. Do it once - improve compliance across frameworks.

Reach multi-framework compliance in the simplest possible way
Security frameworks tend to share the same core requirements - like risk management, backup, malware, personnel awareness or access management.
Cyberday maps all frameworks’ requirements into shared tasks - one single plan that improves all frameworks’ compliance.
Do it once - we automatically apply it to all current and future frameworks.
Start free trial
Effortless compliance improvement
Widest framework library in EU
Extensive support

Start your compliance journey

Use in MS Teams or use your browser with Slack integration.
Risk free trial. No credit card required. Stop at any time.

Start free 14-day trial
Book a meeting
How it works?
SummarySecurity tasks and assuranceDocumentation workflowsEmployee guidelinesReporting templates
Use cases
By frameworkAll frameworksISO 27001NIS2 directiveNIST CSFCSA CCMISO 27701GDPRISO 27017ISO 27018
By methodCyber risk managementEmployee awarenessCompliance reportingControl managementAsset managementPrivacy managementVendor assessments
Resources
AcademyWebinarsBlogHelp articlesVideo coursesContent libraryGuidesNewsletterLeave a reviewPartner programTeamTerms of usePrivacy policy
Contact us
+358 10 231 6010
team@cyberday.ai
App works in:
Known in Finland as Digiturvamalli
© Cyberday Inc. Kalevantie 2 33100 Tampere, Finland
Cyberday.ai - Improve and certify your cyber security