Information risk management policy

Risk appetite

Risk appetite is an expression of the type and amount of risk we are prepared to take in delivering our services. It must consider that available resources to manage risk are not infinite. Therefore the aim is to adopt an approach which is appropriate.

Information risk is unavoidable. We must adopt an approach to managing risk which is reasonable and pragmatic. The amount of risk which is judged to be tolerable and justifiable is the risk appetite.

To determine our information risk appetite, several internal and external factors have been considered:

  • the type and amount of information we process
  • the internal and external threats posed to our information and information systems
  • the harm and, or distress that could be caused to individuals
  • the negative impact on the delivery of our services
  • our legal obligations, for example the Data Protection Act 2018 and UK GDPR
  • the financial loss that we could face
  • the reputational damage that could be caused and the subsequent undermining of public confidence in how we manage and protect information
  • opportunities which may enhance the effective delivery of services   

Considering the above factors, the risk appetite for information risks is Cautious.

The following table presents the corporate risk appetite levels:

Appetite level: Description

Averse
  • safe delivery options
  • not willing to accept risk in most circumstances
  • reluctant to take action given uncertainty
  • highly likely to be influenced by experience

Cautious
  • willing to accept some risk – but prefer safe options
  • minimising risk exposure with tight corporate controls over change

Creative and aware
  • creative and open to considering all potential delivery options
  • well measured risk taking whilst being aware of the impact of its key decisions
  • ‘no surprises’ risk culture

Opportunist
  • collaborative approach to recognise and drive the opportunities that lead to the development of economic and business sustainability and improvement
  • not taking the tried and tested route
  • looking for upside risk

Hungry
  • willing to accept opportunities and delivery options with high inherent risk
  • recognise that not all risks will be known

Further Information

For further information email IA@lincolnshire.gov.uk