The MIS Risk Assessment Policy establishes standards and procedures for routine system security risk assessment and related practices.