Back

Include how risk is perceived by the workforce in the analysis of workforce management.


CONTROL ID
12969
CONTROL TYPE
Human Resources Management
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Analyze workforce management., CC ID: 12844

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • Analyze the existing climate and individual mindsets about how the workforce perceives risk, its impact on their work and the organization as a whole, and how effectively risk management is integrated with the decision-making and running of the business. (OCEG GRC Capability Model, v 3.0, L3.3 Analyze Risk Culture, OCEG GRC Capability Model, v 3.0)
  • Whatever technique for risk analysis is used, its level of objectivity should be considered. (§ 6.1.2 Guidance ¶ 20, ISO/IEC 27003:2017, Information technology — Security techniques — Information security management systems — Guidance, Second Edition, 2017-03)