Article 11 — Risk mitigation

Non-verbatim orientation notes. See regulation sources for authoritative text.

Summary

  • Focus: actions and controls to address risks identified by the assessment.
  • Typical themes: applying additional controls, seeking further information, constraining sourcing, or other mitigation steps until risk is acceptable.
  • Audit intent: confirm mitigation actions are traceable to risks and supported by documented evidence.

Related links