The Risk Register and Risk Acceptance Agreement help the organization keep a grip on risks for which no measure, or no adequate measure, has yet been found to mitigate them to a level that is acceptable to the organization.

The purpose of this document is to give substance to the provisions of section 4.2 of the BIO:
"The organization must have a record of government measures that cannot or cannot yet be fully complied with. These are the 'explains' according to the 'comply or explain' principle. The resulting risks shall also be indicated".
Target Audience:
This document is of interest to the CISO and management of the municipality.
View: Guide to Risk Register and Risk Acceptance Agreement (RAO)
source: information security service
