~2 page information security policy on trust.
Trust is a widespread factor, a valuable yet ephemeral information asset and a fragile control.
Trust-related risks should be managed in the same manner as other information risks - identified, evaluated and treated. Whereas trust and trustworthiness are usually implicit, it is appropriate to draw out and address the trust-related risks associated with particularly important/valuable information assets explicitly. For example, the following are clearly trust-related :
- Access rights;
- IT system privileges and various 'overrides';
- Oversight, plus monitoring and surveillance;
- Business relationships;
- Penetration testing;
Supplied as an MS Word document, readily customised for your organisation's specific situation.