Managing Information Risks



ARMS has developed this guidance to provide an overview of information risks in the context of managing records. It provides a snapshot of information and records risks and proposes potential risks mitigation strategies. This page also provides links to more detailed guidance on risks arising from managing sensitive information, as well as business continuity risks such as the damage or loss of records and information from disasters or major systems failure.

Understanding the information risks of a specific programme through a comprehensive assessment of its records and information management activities, allows offices to plan for their mitigation. A strong records management regime should be one of your primary risk-mitigation strategies. A risk-based approach to records and information management has the potential to deliver benefits, ranging from enhancing an Organisation’s performance to improving the strategic use of information. Managing records and information risk is also directly related the accountability of staff members and the Organization at large.

This guidance is intended for information and programme managers in information technology or substantive areas seeking to reinforce their information management capacity and the accountability framework for their core activities.


Overview of Information and Records Management Risks 

Guidance on Information Security Risks


Guidance on Business Continuity Risks 


Risk Assessment Guidance