Decision
IT service used and additional assessment from IT required?
Define risk response ICS ERM