Copyright(c), 1995 - Management Analytics and Others - All Rights Reserved
(A) Personal computer systems and word processors used to store,
process and/or access confidential or sensitive data, shall undergo
risk analysis as required by the information security function.
Risk analysis results shall be presented to the owner of the
information resources for risk management. The degree of risk
acceptance (i.e., the exposure remaining after implementation of
the recommended protective measures) must be identified. The
information security function must be prepared to demonstrate that
security precautions have been established to ensure data
confidentiality and the maintenance of information integrity.