At our last IT exam the examiner recommended that we have a formal risk assessment policy. He said it doesn't have to be more than a couple of pages long. The ones I have are at least 10 pages and I'm not sure what to leave out. Does anyone have one they can share? Thank you.
Previous Thread
Index