Number: 
Creation Date:  2022-10-04
Category:  Risk Management
Effective Date:  2022-10-04
Version:  1.2
Last Reviewed:  2025-03-04
Security Classification:  Protected A
Scheduled Review Date:  2027-03-31
Status:  Approved

Description:
Please note that information classified as Protected (per the Data and Information Security Classification standard) is only accessible to Government of Alberta Employees. External users are therefore not able to download this document. To request access, please contact us: imt.policy@gov.ab.ca.

The Risk Management Control Policy defines the control objectives for identification, assessment, and management of information security risk within the GoA. Information security risk is managed through risk assessment, threat identification, vulnerability assessment, and documented processes for reporting and treating risk. ​


Keywords: risk management, threats, vulnerabilities, risk tolerance