Risk tolerance is the best term to describe the situation where an organization has agreed to a 99% availability for its online services and will not accept availability that falls below 98.5%. Risk tolerance is the amount and type of risk that an organization is willing to accept in order to achieve its objectives. Risk tolerance defines the acceptable variation in outcomes related to specific performance measures, such as availability, reliability, or security. Risk tolerance is usually expressed as a range, such as 99% +/- 0.5%. Risk mitigation, risk evaluation, and risk appetite are not the correct terms to describe this situation, because they refer to different aspects of risk management, such as reducing, assessing, or pursuing risk, respectively. References = Risk and Information Systems Control Study Manual, Chapter 1, Section 1.2.1, page 1-8.