© 2019 IsecT Limited, New Zealand      Get in touch

3½-page generic policy on information risk management.


The goal of information risk management is to optimize the organization’s information risk level in a cost-effective manner.  While it is neither sensible nor feasible to eliminate information risks completely, unacceptable information risks need to be identified and treated appropriately and systematically using the risk management approach described in this policy.


Delivered as an editable MS Word document, easily customized for your organization's specific needs.

Information risk management policy

  • Template policy on information risk management


    See also the security policies on:

    • Information governance
    • Information ownership
    • Information classification
    • Information integrity
    • Information retention
    • Information disposal
    • Backups and archives
    • BCM Business Continuity Management
    • IPR Intellectual Property Rights
    • Oversight
    • Assurance
    • Incident reporting
    • Incident management