Discussion threads

Post Reply
Forum Home > Program Management Professional (PgMP) > As per SPM V3 explain the statement "risk profiles may be expressed in policy statement or revealed in actions". How risk profiles may be expressed in "revealed actions" ?

Site Owner
Posts: 57

"Risk profiles" may vary from organization to organization based on the risk exposure in their business environment & risk appetite and several other factors. For example in a banking domain where it considers to be a high risk business zone organization wide ISO 270001 Information security management practices will be followed. Many banks / financial institutions follow this and they are officialy certified. So, in this context the bank's risk management process / policy statements will also reflect the ISO 270001 guidelines and the programs which are undertaken within the bank are expected to be compliant with these standards.

A simple example for an organization who follows ISO 270001 standard will ensure all their employee to display their Employee access card when they are at work.

February 3, 2015 at 4:32 AM Flag Quote & Reply

You must login to post.