Creation Date:  2022-06-21
Category:  Risk Management
Effective Date:  2022-06-21
Type:  Procedures
Last Reviewed:  2022-11-23
Version:  2.0
Scheduled Review Date: 2024-06-21
Security Classification:  Protected A
Status:  Approved

Please note that information classified as Protected (per the Data and Information Security Classification standard) is only accessible to Government of Alberta Employees. External users are therefore not able to download this document. To request access, please contact us:

The Statement of Acceptable Risk (SoAR) is a vehicle for the information Controller to document risks along with existing and proposed mitigations. The SoAR is also used to identify risks relating to IMT Policy Instruments, exceptions and/or deviations (e.g. temporary patching exemption, modification of security control). SoAR are facilitated and collected by Cybersecurity Services.​​

Keywords: cybersecurity, risk assessment, risk management, SoAR, acknowledged risk