The IT Law Wiki

Risk transfer

32,062pages on
this wiki
Add New Page
Add New Page Talk0

Definitions Edit

Risk transfer is

[a] risk-handling option that reallocates system requirements or design specifications between different system elements in order to reduce overall system risk, system element risk, or process risk.[1]
[a] risk-handling option that shares selected program risks between the government and the prime system contractors by means of various contractual arrangements.[2]
[a] risk-handling option that shares select program risks between government agencies involved in the acquisition process by means of Memorandums of Understanding (MOUs) or similar Memorandums of Agreement (MOAs).[3]
enable[s] risk decisions for specific organizational missions and business functions through policies, contracts, and agreements. Risk transfer strategies consider and take full advantage of transferring the potential impact across internal or external organizations. Transferring risk involves delegating full responsibility or accountability.[4]
[an] action taken to manage risk that shifts some or all of the risk to another entity, asset, system, network, or geographic area.[5]

Overview Edit

"Risk transfer may refer to transferring the risk from asset to asset, asset to system, or some other combination, or shifting the responsibility for managing the risk from one authority to another (for example, responsibility for economic loss could be transferred from a homeowner to an insurance company). Risk transfer is one of a set of four commonly used risk management strategies, along with risk control, risk acceptance, and risk avoidance."[6]

References Edit

  1. Department of Defense, Glossary of Defense Acquisition Acronyms and Terms (14th ed. July 2011) (full-text).
  2. Id.
  3. Id.
  4. Electricity Subsector Cybersecurity Risk Management Process, App. G, at 84.
  5. DHS Risk Lexicon, at 32.
  6. Id.

Also on Fandom

Random Wiki