Introduction
An Information Risk Management (IRM) policy serves as top-level management’s written commitment to ensuring that any risks identified in the Risk Analysis (RA) process are addressed as far as reasonably practicable. Such a policy is fundamental to the success of the myriad processes and technologies needed to ensure adequate IRM, whether driven by management’s own risk handling strategies, by strategies mandated by industry regulation or, indeed, by national security interests.
Conduct
Data Dialogues has broad experience of the drivers for IRM policies and is thus able to support the development of client policies in accordance with:
- ISO27001/BS7799
- BS25999
- HMG Manual of Protective Security
- UKMoD Defence Manual of Security (JSP440)
- Sarbanes-Oxley
- MiFID
- PCI DSS
