ISC2 Risk Committee

Committee Charter

The ISC2 Risk Committee assists with oversight of the association’s risk management tolerances, policies and high/critical enterprise risks. The committee’s objectives are to assist the Board of Directors in meeting ISC2 governance obligations, specifically with respect to its oversight of ISC2 management of its business risks.

In carrying out its responsibilities, the Risk Committee shall:

  1. Review overall risk tolerances and appetites and recommend to the Board for approval and periodic updates.
  2. Satisfy itself about the assessment of enterprise risks via regular updates.
  3. Monitor the management of High risks to ensure that appropriate controls are in place.
  4. Approve major decisions, considering ISC2 risk profile or exposure.
  5. Make recommendations to the Board on all or any of the above matters, and other functions as the Board may resolve to impose on the Committee from time to time.