GV.OC-01.001

Has the organization formally documented and shared its mission statement to provide a basis for identifying risks that may impede that mission?

Explanation

A clearly articulated mission statement helps stakeholders understand the organization's purpose and priorities, which is essential for identifying relevant security risks that could impact core business objectives. When mission statements are properly communicated throughout the organization, security teams can better align their risk assessments with business goals, ensuring that security controls protect what matters most to the organization. Evidence could include: published mission/vision statements on company websites or internal portals, risk assessment documentation that references the mission statement when prioritizing risks, or internal communications that connect security initiatives to the organization's mission.

Implementation Example

Share the organization's mission (e.g., through vision and mission statements, marketing, and service strategies) to provide a basis for identifying risks that may impede that mission.

ID: GV.OC-01.001

Context

Function: GV: GOVERN
Category: GV.OC: Organizational Context
Sub-Category: The organizational mission is understood and informs cybersecurity risk management

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC-backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain points. They were confusing, hard to delegate and arrived like London buses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron
Founder, ResponseHub