Introduction and scope
Aim
This policy aims to set out our approach to information risk management.
The purpose of information risk management (IRM)
IRM is a key element of information assurance and the corporate governance of an organisation to:
- ensure risks are considered against organisational benefits
- assist in exploiting information opportunities whilst maintaining confidence and reassurance that risks are appropriately managed