You are completing your business continuity planning effort and have decided that you want to accept one of the risks. What should you do next?

Whenever you choose to accept a risk, you should maintain detailed documentation of the risk acceptance process to satisfy auditors in the future. This should happen before implementing security controls, designing a disaster recovery plan, or repeating the business impact analysis (BIA).