Risk Strategy

Once an organization has identified a risk, it needs to decide what (if anything) it is going to do about it. This is called its Risk Strategy. The extent to which an organization is prepared to accept a risk is its Risk Tolerance.

The common options are as follows:

In the Risk Assessment Toolkit, the risk strategy is recorded with each Threat to [Item], and displayed in the Risk Register. Management should check the risk strategies identified in the Risk Register to ensure that they match the organization's Risk Tolerance.

Back to Help Index
Purchasing Information