The strategy in so far as Risk Management took place within my field of work was to apply the GDS risk management process strategically in a way to suit each project.
Result : The ongoing remediation was agreed with projects and permission to proceed and the risk report review date defined. This was to ensure that all projects at initiation and during their lifetime were within the Risk Appetite for the data being processed. This became the strategic pattern for risk management of all projects in GDS. This was effectively delivering the kind of functionality , project by project, that would be defined under an Information Security Management System ( ISMS) under ISO27001:2013 CCP