For copyright reasons, this space does not contain citations from the Standard.
Write down the organization's method for risk analysis.
Our risk assessment process is based on SPRINT and is defined here: Risk assessment and treatment process.
Is the risk assessment process still accurate? Are the risk levels in the identified risks according to the process?
Is the implementation still accurate? Consult with management if needed. Report any findings below in the comments, or upload proof as attachment to this page.