SecAware materials

SecAware logo

~4-page information security policy template on business relationships.


More specifically, the policy is about managing the information risks associated with maintaining cordial relations and transferring or exchanging information with third parties such as suppliers, partners, customers and the authorities.


Information risk must be taken into account when managing business relationships and exchanging information with third parties.  The risk must be assessed and treated e.g. mitigated using suitable information security controls.  Baseline information security controls may be sufficient to protect exchanges of general, relatively inconsequential information (such as many emails), perhaps even for small amounts of more significant information, but stronger security controls are generally appropriate for the routine exchange of particularly valuable and/or sensitive information (such as with cloud computing).


Supplied as an MS Word document, readily customised for your organisation's specific situation.

Business relationships policy