This document gives requirements and recommendations for establishing, implementing, maintaining and continually improving a cyber risk assessment system within the context of a company’s security management system (SMS).

All the elements for compliance with this document can therefore be traceable within the SMS by direct inclusion or reference.