Managing Risk Assessments and Policies in Bastion

Last updated: May 13, 2025

Risk Assessment Requirements

Risk assessments should be performed at the company level on an annual basis, rather than for individual projects. You can conduct and document your risk assessment in two ways:

  1. Use Bastion's built-in risk assessment template at https://app.bastion.tech/compliance/risk-register

  2. Upload your own risk assessment document to Bastion for audit purposes

Policy Management and Versioning

Bastion automatically handles version control for your policies and procedures. When you publish a new version of a policy, the previous versions are automatically stored and maintained within the system, providing a complete audit trail.

Policy Document Best Practices

When referencing roles in policy documents, use the role title (e.g., "CISO") rather than specific individual names. This approach ensures the policy remains current even when personnel changes occur.

Tip: Using role titles instead of individual names in policy documents reduces the need for frequent updates and maintains document accuracy over time.