What is a component of a risk assessment?

Risk assessment examines not only the technical and physical defenses but also how the organization governs security and guides behavior. Administrative safeguards represent the policies, procedures, training, and governance that shape how risk is identified, analyzed, and mitigated. These management controls set the framework for who can do what, how changes are approved and tracked, how incidents are handled, and how personnel are educated about security. Without this governance layer, even strong technical controls or physical protections can be misused or ignored, so administrative safeguards are a fundamental component of a comprehensive risk assessment. Incident response planning, for example, is part of this administrative governance, illustrating how the organization will act when an incident occurs.