Coping with uncertainty, ambiguity & risk in a cyber-environment
According to IBM's 2021 report, cyber-resilience for small organisations includes:
Outsourcing the cybersecurity function to external providers
Increasing the complexity of internal monitoring procedures
Investing in training and education for employees
According to ISO standards, a risk management cycle is as follows:
risk identification > analysis > evaluation
risk assessment > evaluation > treatment
risk reporting > monitoring > communication
Risk evaluation makes it possible to:
Support strategic decision-making
Comprehend the nature of the risk
Recognize and describe the source of the risk
Quality assurance applies to:
both
people
processes
A summative evaluation:
is a benchmark evaluation comparing expectations, performance standards and actual achievements
is a standard monitoring process implemented before financial reporting
is intended to rank the likelihood and impact of a given risk