Risk Management Policy Template


The purpose of this policy is to set out the risk management policy for the company for information security. The policy covers what risk management is, risk appetite, risk identification and assessment, the risk register, risk reporting, risk review, risk treatment and risk evaluation.

For the document contents see the description below. A document extract is in the images to the left.

You may also like the full ISO 27001 policy template pack for all 26 ISO 27001 policies.


SKU: ISO27001POL23



Risk and risk management as applied to information security and the confidentiality, integrity and availability of company-owned, processed, stored and transmitted information.

Risk Management Policy


Information security management for the company is based on appropriate and adequate risk and risk management.

What is Risk Management

Risk can be defined as the threat or possibility that an action or event will adversely or beneficially affect an organisation’s ability to achieve its objectives.

Risk management can be defined as the systematic application of principles, an approach and a process by which the company identifies and assesses the risks attached to its activities and then plans and implements risk responses.

Risk Management Policy Template Contents

Document Contents Page
Purpose
Scope
Risk Management Policy
Principle
What is Risk Management
Risk Appetite
Low Risk Appetite
Moderate Risk Appetite
Risk Identification and Assessment
Risk Register
Risk Reporting
Risk Review
Risk Treatment
Risk Acceptance
Risk Mitigation
Risk Evaluation
Policy Compliance
Compliance Measurement
Exceptions
Non-Compliance
Continual Improvement

High Table ISO 27001 Store

The High Table ISO 27001 store for ISO 27001 policies and ISO 27001 ISMS documents is built on 20 years of experience and real world usage, used to pass hundreds of ISO 27001 audits globally.
