Risk Assesment Policy for Project 20265

Contents

1.      Purpose. 3

2.      Scope. 3

3.      Policy. 3

4.      Policy Compliance. 3

5.2        Exceptions. 3

5.3        Non-Compliance. 3

6       Related Standards, Policies and Processes. 3

7       Definitions and Terms. 3

8       Revision History. 4

9    Acknowledgement 4

1.     Purpose

To empower Infosec to perform periodic information security risk assessments (RAs) for the purpose of determining areas of vulnerability, and to initiate appropriate remediation.

This document has been based on the Sans Template provided by CQU in Moodle.

2.     Scope

Risk assessments can be conducted on any entity within SaveTheChildrens’ or any outside entity that has signed a Third Party Agreement with SaveTheChildrens’. RAs can be conducted on any information system, to include applications, servers, and networks, and any process or procedure by which these systems are administered and/or maintained.

3.     Policy

The execution, development and implementation of remediation programs is the joint responsibility of Infosec and the department responsible for the system area being assessed. Employees are expected to cooperate fully with any RA being conducted on systems for which they are held accountable. Employees are further expected to work with the Infosec Risk Assessment Team in the development of a remediation plan.

For additional information, go to the Risk Assessment document.

4.     Policy Compliance

  • Compliance Measurement

The Infosec team will verify compliance to this policy through various methods, including but not limited to, business tool reports, internal and external audits, and feedback to the policy owner.

5.2  Exceptions

Any exception to the policy must be approved by the Infosec team in advance.

5.3  Non-Compliance

An employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.

6       Related Standards, Policies and Processes

  • Risk Assessment Process
  • Third Party Agreement

7       Definitions and Terms

None.

8       Revision History

Date of ChangeResponsibleSummary of Change
1 August 2021COIT20265 group 10Used Sans template to form the policy structure
5 August 2021COIT20265 group 10Modified to adhere to SaveTheChildrens’ charity org purpose
10 August 2021COIT20265 group 10Added policy statement
1 September 2021COIT20265 group 10Modified structure of the document

9    Acknowledgement

This document is based on Sans Templates provided by CQU university in Moodle under Student Resources.