4. Applicable Policies

Policies serve as guiding principles that define expectations, responsibilities, and boundaries for managing cybersecurity risks effectively.

The Applicable Policies section establishes the foundation for aligning risk assessment activities with the organisation's existing governance framework.


In this section, you will:

  • Identify relevant policies that apply to the current risk assessment demand.
  • Ensure alignment between the risk assessment and organisational governance requirements.
  • Clarify responsibilities and expectations for compliance with these policies.

To link new policies or controls:

  • Click the **'+' button** on the right.
  • Select or define the relevant policy documents or control measures applicable to the risk being assessed.
  • Repeat the process as needed to include all relevant policies or controls.

By mapping risks to specific policies, organisations ensure clarity, accountability, and alignment with established cybersecurity and regulatory frameworks.