top of page

SecAware materials

SecAware logo

~4-page information security policy template on business relationships.


The policy is about managing the information risks associated with maintaining cordial relations and transferring or exchanging information with third parties such as suppliers, partners, customers and the authorities.


Information risk must be taken into account when managing business relationships and exchanging information with third parties.  The risk must be evaluated and treated e.g. mitigating unacceptable risks using suitable information security controls.  Baseline information security controls may be sufficient to protect exchanges of general, relatively inconsequential information , perhaps even for small amounts of more significant information, but stronger security controls are generally appropriate to protect the routine exchange of particularly valuable and/or sensitive information (e.g. in cloud computing).


Supplied as an MS Word document, readily customised for your organisation's specific situation.

Business relationships policy

bottom of page