NORS Risk & Control Matrix

Risk & Control Matrix Overview

The attached Risk and Control Matrix (RCM) includes control objectives, risks, illustrative control activities, illustrative testing procedures and illustrative documents that could be provided as evidence during testing. The control objectives are meant to address the relevant risks that have been identified with input across the working group.

Each node operator is responsible for designing their own controls to meet the control objectives. Include within this RCM are example/illustrative control activities that could be used by the node operators. Note that this is not meant to be an exhaustive, one-size fits all list and each operator's control activity set will be unique. Bespoke activities that are not identified within this document may exist that suitably meet the control objectives. It is important for node operators to consider the manner in which these activities meet the objectives and that documentation exists that serves to prove the objectives are suitably met.

Risk & Control Matrix (RCM) Sections

• Cover sheet:

  • Overview of the Node Operator Risk Standard

  • Columns in the RCM and their descriptions

  • Key additional concepts to consider throughout the document

  • Risk reference legend

• RCM (Risk Control Matrix):

  • Control Ojectives

  • Risks

  • Risk Reference

  • Illustrative Control Activity Description, Options and Examples

  • Illustrative Testing Procedures

  • Illustrative Documents for Testing Procedures

• Document Request List:

  • Illustrative list of documents that could be provided as evidence during testing.

View the NORS RCM

The NORS Risk & Control Matrix was last updated on August 27, 2024

View the NORS Risk & Control Matrix here.