PM-29 Risk Management Program Leadership Roles

Program Management

New in Rev 5

Description

a. Appoint a Senior Accountable Official for Risk Management to align information security and privacy management processes with strategic, operational, and budgetary planning processes; and
b. Establish a Risk Executive (function) to view and analyze risk from an organization-wide perspective and ensure management of risk is consistent across the organization.

Supplemental Guidance

The senior accountable official for risk management leads the risk executive (function). The risk executive (function) coordinates with senior leadership of the organization to: provide a comprehensive, organization-wide, holistic approach for addressing risk; provide oversight of all risk management-related activities across the organization; and ensure that risk-related considerations for individual systems are viewed from an organization-wide perspective.

Changes from Rev 4

New control in Rev 5. Risk management leadership formalized.

Compliance Mappings

ISO 27001:2022

5.1, A.5.4

ISO 27002:2022

5.4

PRA Operational Resilience

SS1/21-3.2

BIO2

5.4

RBI CSF

Annex1.11ITGRCA.10

HKMA TM-E-1

TME1.2.1, TME1.2.4

DNB Good Practice

DNB.5.1

SAMA CSF

1.11.8

NCA ECC

1-1, 1-2, 1-4

UAE IA

T1

CBB TM

TM-1

CBUAE

CR-1

CBE CSF

GOV-1, GOV-2

SA JS2

JS2-4

CBN CSF

Part1.1, Part1.2

BoG CISD

CISD-II

BoM CTRM

1.11.2

BCBS 239

Principle 1

CPMI-IOSCO PFMI

CG.GOV, PFMI.P2

FFIEC IS

I.B

NYDFS 500

500.4

ECB CROE

CROE.2.1.1, CROE.2.1.2

EBA ICT Guidelines

3.2.1, 3.3.1

SEBI CSCRF

GV.RM

CBEST

CBEST.1

TIBER-EU

TIBER.PREP

Solvency II

Art.41(1), Art.44(1), DR.258, DR.260, EIOPA-ICT-4.1

Lloyd's Minimum Standards

CRM.1, GOV.1, MS10.1, MS8.1

NAIC Insurance Data Security

4C

PRA SS1/23

P2.1

FCA SYSC 13

SYSC 13.1-2, SYSC 13.6.3, SYSC 13.G.1

ISO 27799

6.1

NHS DSPT

NDG-1.2