CRISC - Governance - Section 1.5

Identify legal, regulatory and contractual requirements that shape the IT risk programme.

Identify the legal obligations, regulatory compliance requirements, and contractual requirements - including privacy law - that define the minimum control baseline for an IT risk programme. Recognise that failure to map these external demands into the risk register creates unmanaged compliance exposure.

Regulatory compliance | Legal obligations | Contractual requirements | Privacy law


Examworthy is not affiliated with or endorsed by ISACA. Original, blueprint-aligned practice material only.