This policy provides information about the Information Security Risk Management (ISRM) program, including identifying and tracking information security risks, developing plans for remediation, and providing guidance on strategic resource planning.