We Mana Nutrition Pvt Ltd
Risk Management Policy
Purpose
The purpose of the We Mana Nutrition Pvt Ltd Risk Management Policy is to establish the requirements for the assessment and treatment of information security-related risks facing We Mana Nutrition Pvt Ltd.
Audience
The We Mana Nutrition Pvt Ltd Risk Management Policy applies to all We Mana Nutrition Pvt Ltd individuals who are responsible for management, implementation, or treatment of risk activity.
Policy
• Formal organization-wide risk assessments will be conducted by We Mana Nutrition Pvt Ltd no less than annually or upon significant changes to the We Mana Nutrition Pvt Ltd environment.
• Risk assessments must account for administrative, physical, and technical risks.
• Information security risk management procedures must be developed and include the following (at a minimum):
o Risk Assessment
o Risk Treatment
o Risk Communication
o Risk Monitoring and Review
• Risk evaluation criteria should be developed for evaluating the organization’s information security risks considering the following:
o The strategic value of the business information process.
o The criticality of the information assets involved.
o Legal and regulatory requirements, and contractual obligations.
o Operational and business importance of availability, confidentiality, and integrity.
o Stakeholders’ expectations and perceptions, and negative consequences for goodwill and reputation.
• All risks will be classified and prioritized according to their importance to the organization.
• Periodically, We Mana Nutrition Pvt Ltd may contract with a third-party vendor to conduct an independent risk assessment and/or to validate the effectiveness of the We Mana Nutrition Pvt Ltd risk management process.
Waivers
Waivers from certain policy provisions may be sought following the We Mana Nutrition Pvt Ltd Waiver Process.
Enforcement
Personnel found to have violated this policy may be subject to disciplinary action, up to and including termination of employment, and related civil or criminal penalties.
Any vendor, consultant, or contractor found to have violated this policy may be subject to sanctions up to and including removal of access rights, termination of contract(s), and related civil or criminal penalties.