Technology Risk Policy Template

Technology Risk Policy – Template 2

Information and the supporting business applications, IT processes, databases and underlying infrastructure are important assets of Company and, like other important assets, must be suitably protected. The availability, integrity and confidentiality of information assets are essential in maintaining our competitive edge, cash flow, profitability, regulatory and legal compliance and respected Company image. Information (Technology) risk is the risk of loss due to inadequate information security, resulting in a loss of information confidentiality and/or integrity and/or availability.

The objective of the Information (Technology) Risk Policy is to provide Company’s approach to managing information (technology) risks and directives for the protection of information assets to all Company organizational units, and those contracted to provide services.

CONTENT

1. OVERVIEW
1.1 PROCEDURE OWNER
1.2 CLASSIFICATION
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.5 OBJECTIVES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
3. IT RISK ASSESSMENT
3.1 INTEGRATED RISK ASSESSMENT
3.2 INFORMATION RISK ASSESSMENT
3.3 CAPABILITIES REQUIRED FOR PERFORMING IT RISK ASSESSMENTS
4. INFORMATION RISK REDUCTION
4.1 FOUNDATION CONTROLS
4.2 USER ACCESS
4.3 PLATFORM SECURITY
4.4 IT RESILIENCE
4.5 CHANGE MANAGEMENT
4.6 SECURITY MONITORING
4.7 IT SOURCING
4.8 OTHER RISK AREAS
5. RESPONSIBILITIES FOR INFORMATION RISK MANAGEMENT
5.1 HEADS OF BUSINESS
5.2 INFORMATION ASSET OWNERS
5.3 INFORMATION ASSET CUSTODIAN
5.4 TECHNOLOGY INFRASTRUCTURE SERVICE PROVIDERS
5.5 APPLICATIONS DEVELOPERS
5.6 USERS
5.7 INFORMATION RISK MANAGEMENT FUNCTIONS
5.8 COMPUTER INCIDENT RESPONSE TEAM
5.9 COMMITTEES
5.10 CORPORATE AUDIT SERVICES (CAS)
6. EXCEPTIONS
7. FINAL CONSIDERATIONS
7.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
7.2 DOCUMENT REVISION

Pages: 15

Review Technology Risk Policy – Template 2.

Your email address will not be published. Required fields are marked *

Related Products:

€829.99

Purchase

This bundle contains all the products listed in the Risk Management section. Take advantage of the 25% OFF when buying the bundle!

€49.99

Purchase

The objective of this standard is to define the configuration to be met by all servers owned or managed by Company that are located outside of the firewalls. The standards are designed to minimize the exposure to Company from damages that may result from malicious activities from both internal and external entities. Internet facing devices located outside the Company firewalls are considered part of the DMZ.

€49.99

Purchase

Identity and Access Management Standard describes the management of individuals, their authentication, authorization, and privileges within or across system and enterprise boundaries with the goal of increasing security and productivity while decreasing cost, downtime and repetitive tasks.

Get  Your Free Sample

Please use the form below to subscribe to our list and receive a free procedure template!
GET YOUR FREE TEMPLATE
>
close-link