3.3.3 Assess Risks and Impact Control Objectives

Understanding risks and assessing their impact is core to the accountability process: there would be no need for accountability if one could provide a total and absolute guarantee that all obligations are met. These control objectives address the identification and understanding of risks and impact both at the level of the organisation and at the level of the offerings.

| Identifier | Control Objective | Lifecycle Phase |
|---|---|---|
| 1.02 | Define the "internal criteria" (e.g. criteria derived from ethics, morals, values, personal targets, professional norms, perceived social role [19]) for the organisation. Understand the risks associated with the operation of the business in regards to the obligations. Define a risk appetite used as guidance for operational decisions, taking into account the nature of the obligations. Perform the associated risk and impact assessments. | 1+2 - Governance |
| 1.10 | Define organisational standards for the analysis processes (e.g. impact assessment, risk assessment) in regards to accountability and obligations, for use in the Analyse and Design phase of the lifecycle. | 1+2 - Governance |
| 3.02 | Perform a risk analysis and associated impact assessment based on accountability requirements. | 3 - Analyse and Design |

Table 6: Assess risks and impact control objectives.