The objective of this policy is to provide a standardized approach and operating instructions for the execution of a company’s IT risk assessment.

This document provides the procedural steps, as well as roles and responsibilities, to perform an IT risk assessment and it applies to applicable stakeholders in the IT department who conduct the IT risk assessment. The assessment will scope in the company’s IT operations and information systems, including applications, servers, networks and applicable processes, by which these systems are administered and/or maintained. This policy becomes effective immediately upon approval.