GRC Risk Mitigation Questions Object

Before you can use the Risk Assessment form, you must create Questions and assign each one a Risk Value, Question Weight, and Question Sequence.

GRC Risk Mitigation Questions and Threat Analysis Questions populate the Risk Assessment. We recommend that you align Risk Assessment Questions with current industry standards such as FedRAMP:2014, ISO 27001:2013, or ISO 9001:2015.

To provide Object data for the GRC Risk Mitigation Questions Object:

  1. On the CSM Desktop Client or Browser Client menu bar, select Tools > Table Management.
  2. In the Type drop-down list, select GRC Risk Mitigation Questions.
  3. Create a new Risk Mitigation Question or edit an existing question.
    • Create a new Risk Mitigation Question:
      1. Right-click and select New, or select New from the toolbar.
      2. Provide an industry-standard question title and question details.
      3. Select the question type.
      4. Provide a numeric risk value and sequence number based on industry standards.
      5. Select a value from the GRC Risk Assessment Type drop-down list.
    • Edit an example question:
      1. Double-click any risk mitigation question.
      2. Edit the desired fields, and then select Save.
  4. Repeat steps 1-4 above for GRC Threat Analysis Questions.