Risk Management Policy


1 Policy Statement

To meet the enterprise business objectives and ensure continuity of its operations, XXX shall adopt and follow well-defined and time-tested plans and procedures, to ensure timely management of organizational risks. Employees are expected to cooperate fully with any Risk Assessment being conducted on systems for which they are held accountable. Employees are further expected to work with the Risk Assessment Team in the development of a remediation plan. The policy, and respective procedures, guidelines & forms shall be available to the CISO and members of senior management.
  
2 Definitions

Entity – Any business unit, department, group, or third party, internal or external to XXX, responsible for maintaining assets.

Risk – Those factors that could affect confidentiality, availability, and integrity of XXX’s key information assets and systems. The Risk Assessment Team is responsible for ensuring the integrity, confidentiality, and availability of critical information and computing assets on networks, while minimizing the impact of security procedures and policies upon business missions.

3 Purpose

The purpose of this policy is to identify areas of risk in a timely manner and manage them to ensure continuity of business processes. The execution, development and implementation of remediation programs are the joint responsibility of the IT Infrastructure management team and the department responsible for the systems area being assessed. Employees are expected to cooperate fully with any RA being conducted on systems for which they are held accountable. Employees are further expected to work with the Risk Assessment Team in the development of a remediation plan.

4 Scope

4.1 IT Assets

This policy applies to the entire IT Infrastructure.

4.2 Documentation

The Policy documentation shall consist of the Risk Management Policy, the Risk Assessment and Treatment Procedure, and related guidelines.

4.3 Document Control

The Risk Management Policy document and all other referenced documents shall be controlled. Version control shall preserve the latest release and the previous version of each document. However, the previous version of a document shall be retained only for a period of two years, for legal and knowledge preservation purposes.

4.4 Records

Records generated as part of the Risk Management Policy shall be retained for a period of two years. Records shall be in hard copy or electronic media. The records shall be owned by the respective system administrators and shall be audited once a year.

4.5 Distribution and Maintenance

The Risk Management Policy document shall be made available to all the employees covered in the scope. All changes and new releases of this document shall be made available to the persons concerned. Responsibility for maintaining the Risk Management Policy document lies with the CISO and system administrators.

5 Privacy

The Risk Management Policy document shall be considered “confidential” and shall be made available to the concerned persons with proper access control. Subsequent changes and versions of this document shall be controlled.

6 Responsibility

The CISO / designated personnel is responsible for proper implementation of the policy.

7 Policy

A Risk Management Plan shall be drawn up by the management, which shall identify the people within XXX who will perform risk assessment operations. For this purpose, the events (or series of events) which cause disruption to business processes shall be identified. The risk assessment shall consider the probability and impact of such disruptions in terms of time, scale of damage and recovery period. The risk assessment shall identify, quantify and prioritize risks against criteria and objectives relevant to the organization, including critical resources, impacts of disruptions, allowable outage times and recovery priorities. Based on the results of the assessment, a business continuity strategy shall be outlined for XXX to determine the overall approach to business continuity.

The execution, development and implementation of remediation programs are the joint responsibility of the IT Infrastructure management team and the department responsible for the systems area being assessed. Employees are expected to cooperate fully with any RA being conducted on systems for which they are held accountable. Employees are further expected to work with the Risk Assessment Team in the development of a remediation plan.

8 Enforcement

Any employee found to have violated this policy may be subjected to disciplinary action in line with the HR Policy.