IVI Framework Viewer

Process

Capability Building Blocks

C1Assessment
Identify subject matter experts (SMEs) for risk assessments. Run risk assessments to identify, document, evaluate exposure to, and quantify/score risks and their components. Record the results in a risk register.
C2Prioritization
Prioritize inherent and residual risks and risk response/treatment strategies, based on the organization's risk tolerance — that is, the risk levels that are acceptable to the organization.
C3Response/Treatment
Assign ownership to prioritized risks, and assign responsibility and accountability for developing risk response/treatment strategies. Initiate implementation of risk response/treatment strategies, where risks can be avoided, accepted, mitigated, or transferred. Interact with incident management functions.
C4Monitoring
Track identified risks, and validate the effectiveness of the risk treatment strategies.