IT Risk Assessment Policy

Updated Annually

Purpose

This document explains the Company’s Risk Assessment policies and procedures. This policy empowers the Information Security Officer (ISO) or Data Protection Office (DPO) to perform periodic information security risk assessments (RAs) for the purpose of determining areas of vulnerability, and to initiate appropriate remediation.

Scope

RAs may be conducted on any Entity within the Company or any outside Entity that has signed a Third Party Agreement with the Company.

RAs may be conducted on any information system to include: applications, servers, and networks, and any process or procedure by which these systems are administered and/or maintained.

Authority and Enforcement

The Company’s Information Security Officer (ISO) is responsible for the development and oversight of these policies and standards.

The ISO works in conjunction with management, the Information Technology (IT) department, and others for the development, monitoring, and enforcement of these policies and standards.

Policy

The execution, development, and implementation of remediation programs are the joint responsibility of the IT department and the department responsible for the systems area being assessed.

Employees are expected to cooperate fully with any RA being conducted on systems for which they are held accountable.

Employees are further expected to work with the IT Risk Assessment Team in the development of a remediation plan.

Process

The Risk Assessment Management process defines steps that need to be taken to assess and remediate each security threat found during assessments. It needs to be be documented and implemented each time a few threat is discovered (for instance 0 day threat in third party). RA’s may be conducted on any information system to include: applications, servers, and networks, and any process or procedure by which these systems are administered and/or maintained.

Each time a threat is discovered, a document must be drafted and documented the following steps must be followed:

Identify the source of the threat
Describe existing controls
Assess the possible consequence, likelihood, and select the risk rating
Provide recommendations
Schedule remediation and responsibility
Verify remediation in stage and production environments.

Enforcement

Staff members found in policy violation may be subject to disciplinary action, up to and including termination.

ID Card App

Digital ID Card Solution

App Security

Types of ID Cards

App Accessibility

Multi-Language Support

Identity Authentication

Types of ID Card Apps

ID Management Platform

Design Mobile ID Cards

Import Card Data

ID Photo Management

Design & Print Physical ID Cards

Issue Digital IDs via Email

Manage Issued ID Cards

Integrations

Cloud Card Printing

Card Data Sync

View All Integrations

Resources

Resources

Support

Get In Touch

Company

About Us

Contact Us

Partner With Us

IT Risk Assessment Policy

Purpose

Scope

Authority and Enforcement

Policy

Process

Enforcement

RESOURCES

LEGAL

COMPANY

ACCOUNT

GET SOCIAL