The Policy on Policy on Information Security and the Protection of Digital Assets states that “each unit shall in consultation with the ITS Information Security department, and others as appropriate, develop an Information Risk Management Program appropriate to the circumstances of the unit, to be approved by the unit head.”
The Divisional Information Risk Management Program Assistance service will provide context-specific consultation services to those Divisions to facilitate the operationalization of a Divisional Information Risk Program to identify, assess, mitigate and monitor risk on an on-going basis as per the Policy.