A risk management framework (RMF) is the structured process used to identify potential threats to an organization. If you deal with Government data you usually enter into an agreement that you comply with one these frameworks.
A standard framework in the industry is NIST Framework
This involves detailing all parts of your company in a questionnaire such as the below
https://watkinsconsulting.com/our-projects/nist-csf-excel-workbook/
After this, you will have a list of risks ( Risk Register ) and the Maturity levels for each Function
![NIST_CSF[1].jpg](https://images.squarespace-cdn.com/content/v1/5e3af6fc8b0fb76851c5cb4f/1599887376477-0KDKE0GEOVYOQ90V109G/NIST_CSF%5B1%5D.jpg)
If you do not need to currently comply with a Framework, we recommend self-evaluating your company with the below simple tool