The Risk Assessment Policy has five key areas: Purpose, Scope, Policy, Risk Assessment Process, and Enforcement.
The purpose describes how the Organization will perform periodic security risk assessments to identify areas of vulnerability and to carry out appropriate remediation.
The scope describes where risk assessments will be conducted: within the Organization, and at partners that have signed a Third Party Agreement with the Organization. Risk assessments are conducted on IT systems, including applications, servers, and networks, and on the procedures under which these systems are maintained.
The policy describes the Organization's position regarding the risk assessment.
- The Organization and its respective entities are jointly responsible for developing, executing, and implementing remediation programs for the systems and areas being assessed.
- Employees are expected to cooperate with the Risk Assessment being conducted on the systems for which they are held accountable.
- Employees are expected to work with the Risk Assessment Team in the development of a remediation plan.
4.0 Risk Assessment Process
Describe the risk assessment process, for example:
- Identify critical processes and functions
- Identify threats most likely to impact processes and functions
- Determine the vulnerability of critical functions and processes to those threats
- Prioritize staff deployment and resources to maintain continuous operation of critical functions and processes.
Describe how the policy will be enforced, for example:
Employees found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.
Provide a table that explains the meaning of project management terms or other acronyms used in this policy.
Entity – Any business unit, department, group, or third party responsible for maintaining the organization’s assets.
Risk – Factors that could affect confidentiality, availability, and integrity of the organization’s information assets and systems. The Organization is responsible for ensuring the integrity, confidentiality, and availability of critical information and assets, while minimizing the impact of security procedures and policies upon business productivity.
Download your Project Plan Template: http://www.klariti.com/templates/Project-Plan-Template.shtml