Third-Party Risk Management:
An impact tolerance statement is a policy document that explains how impact tolerances are created and justified within an organization.
Senior managers and Board members are becoming increasingly responsible for approving and managing impact tolerance statements, providing comprehensive information of impact tolerance risk levels if a severe loss occurs. Identification of this impact tolerance (link to impact tolerance faq page) in the statement provides a contingency if the default recovery efforts were ineffective.
Each organization should have at least one impact tolerance statement in place that covers possible scenarios for issues related to their vendor relationships. The statement should cover a variety of capabilities and should also be tested against a variety of severe scenarios to assure organizations that the statements are prepared and as accurate as possible. By testing impact tolerance statements, companies can also identify areas of additional risk not initially considered.
Share with Your Friends:
