Guidance on departmental information risk policy
The guidance explains what departments must do to develop an information risk policy.
The report of the Data Handling Review introduced the mandatory minimum standards which require departments to have in place an information risk policy. This must set out how they will implement the mandatory measures in their departments and throughout their delivery partners and monitor compliance.
The guidance covers what departments must do to develop an information risk policy, including the high level statements that the policy should cover.