Policy

9:020 Risk to Information Assets

Data and information which is collected, analyzed, stored, communicated, and reported upon may be subject to theft, misuse, loss and corruption.

Data and information may be put at risk by lack of training, misuse, and the breach of security controls.  Information security incidents can give rise to embarrassment, financial loss, non-compliance with standards and legislation, as well as possible legal action against the District.

The Superintendent or designee will undertake regular risk assessments to identify, assess, and prioritize risks to District information assets.  Controls will be selected and implemented to mitigate the risks identified.  Risk assessments will be undertaken using a systematic approach to identify and estimate the magnitude of the risks.

Date Adopted: 04/05/2013