Process of comparing the results of risk analysis with risk criteria to determine whether the risk and/or its magnitude is/are acceptable or tolerable.
Source(s): NIST SP 800-160v1r1 from ISO Guide 73