Form Category: Risk Management
Related Control: Risk Management
Creation Date: 2022-06-21
Effective Date: 2022-06-21
Last Reviewed Date: 2021-10-01
Scheduled Review Date:  
Version: 2.0
Security Classification: Protected A
Status: Approved
Please note that information classified as Protected (per the Data and Information Security Classification standard) is only accessible to Government of Alberta Employees. External users are therefore not able to download this document. To request access, please contact us:

​The Statement of Acceptable Risk (SoAR) is a vehicle for the information Controller to document risks along with existing and proposed mitigations. The SoAR is also used to identify risks relating to IMT Policy Instruments, exceptions and/or deviations (e.g. temporary patching exemption, modification of security control). SoAR are facilitated and collected by Cybersecurity Services.​​​

Keywords: cybersecurity, risk assessment, risk management, SoAR, acknowledged risk