Cybersecurity Risk Management Methodology And Procedures Must Be Defined, Documented And Approved As Per Confidentiality, Integrity And Availability Considerations Of Information And Technology Assets.

The Cybersecurity Risk Management Methodology And Procedures Must Be Implemented By The Cybersecurity Function.

1. The cybersecurity risk assessment procedures must be implemented at least in the following cases:
1. Early stages of technology projects
2. Before making major changes to technology infrastructure.
3. During the planning phase of obtaining third party services.
4. During the planning phase and before going live for new technology services and products.

The Cybersecurity Risk Management Methodology And Procedures Must Be Reviewed Periodically According To Planned Intervals Or Upon Changes To Related Laws And Regulations. Changes And Reviews Must Be Approved And Documented.