These are default ratings based on the mitigation of risks associated with each control using the following criteria:
A: 0% open risk against the control, some risks using the control
B: <=25% open risks, some risks using the control
C: 26-75% open risks, some risks using the control
D: 76-100% open risks or any open high risk(s), some risks using the control
E: Exception, control not applicable
P: Pending, applicable but no risks identified against the control, or other incomplete fields, e.g. reference documents, responsibility, justification or risk reference
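The criteria above written as a function, as an added example (not code from the tool this page describes). The `Risk` and `Control` types, the order in which E, P and the open-high-risk rule are checked, and the treatment of shares that fall between the listed bands (25.5% rated C, 75.5% rated D) are assumptions.

```python
from dataclasses import dataclass, field
from fractions import Fraction

@dataclass
class Risk:                        # hypothetical record for one risk using the control
    is_open: bool
    high: bool = False

@dataclass
class Control:                     # hypothetical record for one control
    applicable: bool = True
    fields_complete: bool = True   # reference documents, responsibility, justification, risk reference
    risks: list = field(default_factory=list)

def default_rating(control):
    """Return the default rating letter for a control."""
    if not control.applicable:
        return "E"                 # exception: control not applicable
    if not control.risks or not control.fields_complete:
        return "P"                 # pending: no risks identified or incomplete fields
    open_risks = [r for r in control.risks if r.is_open]
    if any(r.high for r in open_risks):
        return "D"                 # any open high risk overrides the percentage
    # Exact fraction avoids float rounding right at the 25% and 75% boundaries.
    share = Fraction(len(open_risks), len(control.risks))
    if share == 0:
        return "A"
    if share <= Fraction(1, 4):
        return "B"
    if share <= Fraction(3, 4):    # assumption: the 25%-26% gap is rated C
        return "C"
    return "D"                     # assumption: the 75%-76% gap is rated D

def make_risks(n_open, n_closed, open_high=0):
    """Build constructed sample risks; the first `open_high` open risks are high."""
    risks = [Risk(True, high=i < open_high) for i in range(n_open)]
    return risks + [Risk(False) for _ in range(n_closed)]

if __name__ == "__main__":
    samples = {                    # constructed sample controls
        "1 of 4 open": Control(risks=make_risks(1, 3)),
        "1 of 3 open": Control(risks=make_risks(1, 2)),
        "1 of 100 open, high": Control(risks=make_risks(1, 99, open_high=1)),
        "no risks linked": Control(),
    }
    for name, ctl in samples.items():
        print(f"{name}: {default_rating(ctl)}")
```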