Assessment details

Update Exposure, Control maturity, and Risk for the selected category. Priority is always calculated from those three inputs.

Selected assessment
Category

Information Security (including Cyber)

Assessment inputs
Exposure
Suggested: Very high
Control maturity
Suggested: Weak
Differs from suggestion
Risk
Suggested: Very high
Differs from suggestion
Resulting priority
Watchlist

Priority is calculated from the current Exposure, Control maturity, and Risk selections.

Assessment rationale
Why suggested?
  • Lower-level units show elevated exposure
  • Control maturity is weaker in one or more lower-level units
  • At least one lower-level unit remains at higher residual risk
  • Assessment differs across lower-level units
Based on lower-level assessments
Entire company
Company
ExposureVery high
ControlStrong
RiskHigh
Corporate Services
Division
ExposureVery high
ControlWeak
RiskVery high
Operations
Division
ExposureMedium
ControlModerate
RiskMedium