
Risk Management Resources Kit
Assessing your organization’s risk profile can be complicated — especially when you’re strapped for time and resources. This free risk management resources kit simplifies the process with essential tools you’ll need to identify, prioritize, and mitigate risk, including policy templates, worksheets, and more.
What’s in the risk management kit:
- Risk appetite worksheet
- Risk appetite statement template
- Third-party risk management policy template
- Incident response plan template
- Disaster recovery plan template
Risk appetite worksheet
Follow these steps to establish a risk appetite framework that effectively guides better decision-making, supports strategic objectives, and enhances your organization’s operational resilience.
What’s included:
- Step-by-step guidance on defining an appropriate risk appetite for your business
- Practical tips for successfully integrating risk appetite into your organization’s processes

Risk appetite statement template
A risk appetite statement specifies the types of risks facing your organization, describes the acceptable levels of risk for different activities or decisions, and outlines who within the organization is responsible for making decisions about risk.
What’s included:
- A complete, customizable risk appetite statement template that's easy to tailor to your organization
- Version history and change tracking to keep your risk appetite statement up to date

Third-party risk management policy template
Use this template to help build a solid foundation for managing your third-party relationships, whether you’re creating a third-party risk management policy for the first time or looking to strengthen your current policy.
What’s included:
- Establish strong controls and processes for managing third-party security risks
- A complete, auditor-approved template that's easy to tailor to your organization

Incident response plan template
An incident response plan defines a predetermined set of instructions or procedures to detect, respond to, and limit the consequences of a security incident.
What’s included:
- A defined, systematic incident response process for information security incidents
- Testing methods to ensure the plan is effective and practical

Disaster recovery plan template
Define a contingency plan that outlines how your organization will recover and restore its critical systems, operations, and data in the event of a disaster. Use this template to kick off your disaster recovery planning and customize it based on your organization's specific risks and objectives.
What’s included:
- Outline disaster recovery strategies and procedures
- Establish expectations, priorities, and recovery stages if a disaster occurs
