Risk Management Policy

Purpose

To provide Pomona College with guidance in identifying and gaining an understanding of the components of the institution that make up its information security system and thereby enable Pomona College to manage cybersecurity risk to systems, assets, data, and capabilities.

Policy

Pomona College maintains a comprehensive strategy to manage risks to its operations, assets, faculty, staff, students, and other organizations associated with the operations and use of Pomona College’s system. Pomona College’s priorities, constraints, risk tolerances, and assumptions are established and used to support risk management decisions. Pomona College’s risk management strategy is consistently applied across the entire institution. The risk management strategy is periodically reviewed and updated, or as required, to address changes to Pomona College.

Summary

  • Risk management is a fundamental requirement to support the mission of Pomona College.
  • Risk management responsibilities are assigned to executive staff.
  • Continued recognition of risk management is a requirement.
  • Assessing the level of risk that the organization can tolerate is necessary.
  • Risk framing is part of the management process. Framing defines College’s approach to risk management by using laws, policies, regulations and contractual relationships that will inform and impact potential decisions about risk.
  • Risks will be assessed in order to identify and evaluate the risk and its likelihood of occurrence and its breadth of impact.
  • Risk response results in determining the most appropriate course of action, including prioritization and associated cost.
  • Risk monitoring helps Pomona College in monitoring continuing regulatory compliance, effectiveness of risk response and understand changes that present risks to the Pomona College information systems.
  • Risk tolerance is the level of risk or its degree of uncertainty that is acceptable to the College.
  • Risk management strategies are employed consistently across the entire institution

Risk Management Policy Details [pdf]