Create a "maximum" level of risk

[eurodude]

Some regulators need to ability to set a maximum level of risk. If a risk is above that level, it needs to be treated. That level might not be the same for all assets in a risk assessment. (vulnerability level)

The specific asset needs to have risks that are lower than value XX for example and thus it will be set in the risk model. So that when a risk assessment is performed, it is know what the necessary compliance level needs to be and thus recommendations should be chosen appropriately.