Evaluations, Assessment, and Maintenance of Risk ControlsWhen the control strategy has been implemented, it should be monitored and measured on an ongoing basis to determine effectiveness of security controls and accuracy of estimate of the residual risk. The following Figure shows how this cyclical process is continues for as long as the organization continues to function.