top of page

SecAware materials

SecAware logo

~2 page information security policy on trust.


Trust is a widespread factor, a valuable yet ephemeral information asset and a fragile control. 


Trust-related risks should be managed in the same manner as other information risks - identified, evaluated and treated. Whereas trust and trustworthiness are usually implicit, it is appropriate to draw out and address the trust-related risks associated with particularly important/valuable information assets explicitly. For example, the following are clearly trust-related :

  • Access rights;
  • IT system privileges and various 'overrides';
  • Oversight, plus monitoring and surveillance;
  • Business relationships;
  • Penetration testing;
  • Auditing.


Supplied as an MS Word document, readily customised for your organisation's specific situation.

Trust policy

bottom of page