top of page

SecAware materials

SecAware logo

~3-page information security policy template on the management of information risk.


The purpose of information risk management is to identify, evaluate and treat (deal with) the organisation’s information risks in an appropriate, cost-effective manner.  While it is not feasible to eliminate information risks completely, they can generally be minimised or at least contained using the approach described in this policy template.


Supplied as an MS Word document, readily customised for your organisation's specific situation.

Information risk management policy

bottom of page