How Often Should We Assess Risk

Clients often ask, “How often should we do a risk assessment?” The answer for most frameworks is at least once per year. However, our environments are constantly changing. We might go from a data center environment to a cloud-based environment, or we might bring on a major new vendor within our organization. Each of these major changes introduces new risk into the environment. When those changes occur, it is important for us to re-evaluate our risk assessment and consider the new risks that might come into play. So, the biggest thing to remember is that while most frameworks do require an annual risk assessment, we highly recommend that any time there is a major change in your environment, you revisit and redo that risk assessment based on your new environment.

