SecAware materials


~3-page information security policy template on the management of information risk.


The purpose of information risk management is to identify, evaluate and treat the organization’s information risks in an appropriate, cost-effective manner.  While it is neither sensible nor feasible to eliminate information risks completely, unacceptable information risks must be managed using the approach described in this policy.


Note: despite the focus on 'security' and the current obsession with 'cyber', a wider perspective suggests other, more creative and more effective ways to deal with information risks.  Security controls are necessary but not sufficient.


Delivered as an editable MS Word document, easily customized for your organization's specific needs.

Information risk management policy