Risk Assessment Policy
Defines requirements and authorizes the information security team to identify, assess and remediate risks to the organization's information infrastructure. [MS Word]