A Model 2005 Operational Risk Resolution
The organization shall develop, implement, maintain and continually improve a documented risk management system. Identify a method of risk assessment suited to the organization's business information to be protected, its regulatory requirements and its corporate governance guidelines. Identify the assets and the owners of those assets. Identify the threats to those assets. Identify the vulnerabilities that might be exploited by the threats. Identify the impacts that losses of confidentiality, integrity and availability may have on the assets. Assess the risks. Identify and evaluate options for the treatment of risks. Select control objectives and controls for the treatment of risks. Implement and operate the system. Monitor and review the system. Maintain and improve the system.
If you can agree with this, then you are already a candidate for implementing a management system and becoming a BS 7799 compliant organization.
For more info see: BSI Management Systems