Documenting the results of the initial or high-level risk assessment is crucial to establish a baseline for cybersecurity posture and risk. This baseline serves as a reference for tracking progress, justifying future investments, measuring improvements, and supporting subsequent detailed risk assessments. It also aids in communication with stakeholders and auditors.
[Reference: ISA/IEC 62443-2-1:2009, Section 5.2.3 (“Documenting results and baseline”); ISA/IEC 62443-3-2:2020, Section 4.3.4., , ]
Submit