Creation Date:  2022-06-21
Category:  Risk Management
Effective Date:  2022-06-21
Type:  Procedures
Last Reviewed:  2022-06-21
Version:  1.0
Scheduled Review Date: 2024-06-21
Security Classification:  Protected A
Status:  Approved


​​​​The Statement of Acceptable Risk (SoAR) is a vehicle for the information Controller to document risks along with existing and proposed mitigations. The SoAR is also used to identify risks relating to IMT Policy Instruments, exceptions and/or deviations (e.g. temporary patching exemption, modification of security control). SoAR are facilitated and collected by Cybersecurity Services.​​

Keywords: CISO, risk assessment, risk management, SoAR, acknowledged risk