3½-page generic policy on the management of information risk.
The goal of information risk management is to optimize the organization’s information risk level in a cost-effective manner. While it is neither sensible nor feasible to eliminate information risks completely, unacceptable information risks need to be identified and treated appropriately and systematically using the risk management approach described in this policy.
Delivered as an editable MS Word document, easily customized for your organization's specific needs.
Information risk management policy
Template policy on information risk management
See also the security policies on:
- Information governance
- Information ownership
- Information classification
- Information integrity
- Information retention
- Information disposal
- Backups and archives
- Business Continuity Management
- Intellectual Property Rights
- Oversight
- Assurance
- Incident reporting
- Incident management
- Cybersecurity
- Physical security
- ... the entire security policy suite in fact!
The license covers internal use within a single organisation. Please get in touch if you'd like to incorporate the SecAware content in your systems or services provided to third parties.