This PDF guideline provides a framework for establishing systems to evaluate information risks and describes a process for framing a risk management system using a risk quadrant:
Administrative risks – threats related to managing the RIM program (information governance, change management, and emergency management)
- Records control risks – records classification, records retention and disposition, records storage
- Legal/regulatory risks
- Technology risks – information security, electronic communications, and software applications
View the table of contents.
This pdf download is also available as a publication.