ID.RA-06.168

Does your organization have a documented process for communicating risk responses to affected stakeholders in a prioritized manner?

Explanation

This question assesses whether your organization has a formal mechanism to inform relevant stakeholders about how identified risks will be addressed, ensuring that higher-priority risk responses are communicated first. Effective risk response communication helps stakeholders understand potential impacts, required actions, and timelines for risk mitigation. Evidence could include a risk communication plan, documented communication workflows showing prioritization criteria, meeting minutes from risk review sessions with stakeholders, or templates used for risk response notifications that demonstrate prioritization methodology.

Implementation Example

Communicate planned risk responses to affected stakeholders in priority order

ID: ID.RA-06.168

Context

Function: IDENTIFY (ID)
Category: Risk Assessment (ID.RA)
Sub-Category: Risk responses are chosen, prioritized, planned, tracked, and communicated

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC-backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain points. They were confusing, hard to delegate and arrived like London buses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron
Founder, ResponseHub