The URL can be used to link to this page

Home My WebLink AboutF10.0 Risk Assessment �'l3llRl�ll `Y 111CJ- 1' E A S CITY OF GRAPEVINE ADMINISTRATIVE POLICY SUBJECT- RISK ASSESSMENT SECTION. F NUMBER: 10.0 PREPARED BY- Information Technology REVISED DATE: 02/01/2014 PAGE: 1 of 1 PURPOSE 10.1 The purpose of the Risk Assessment policy is to empower IT and/or outside contractors to perform periodic information security risk assessments (RAs) for the purpose of determining areas of vulnerability and to initiate appropriate remediation. POLICY 10.2 Risk Assessments can be conducted on any entity within the City of Grapevine. RAs can be conducted on any information system, including applications, servers and networks, and any process or procedure(s) by which the City systems are administered and/or maintained. 10.3 The execution, development, and implementation of any needed remediation as a result of an RA are the joint responsibility of IT and the department responsible for the systems area being assessed. Employees are expected to cooperate fully with any RA being conducted on systems for which they are held accountable. Employees are further expected to work with IT in the development and execution of a remediation plan.