Full Speed Ahead: Managing Technology Risk in the Nonprofit World, from the Nonprofit Risk Organization, suggests some policy requirements, including a Web site disclaimer and notice of proprietary information, Web links policy and disclaimer, Web security statement, and a Website privacy statement <http://www.nonprofitrisk.org/pubs/full_spd.htm>. Jean C. Miller in "Risk Management for Your Web Site," op. cit., identifies quantitative (monetary values) and qualitative (scenario-oriented, potential threats, evaluate countermeasures and safeguards) measures. Costs should include acquisition, development, and maintenance of the information and the value to owners, custodians, users, as well as the current value in the world. Miller also recommends keeping an inventory of countermeasures and defines the characteristics of countermeasures as cost effective, requiring minimal human intervention, complete and consistent, sustainable, auditable, accountable (initiated by an authoritative entity), and recoverable (introduces no additional damage). The Nonprofit Risk Organization recommends a risk management team and crisis response team. RMIS promotes an anti-virus response team, and Risk Management Reports suggests having a chief risk officer. The Risk Management Association offers a range of tools that support project management, data collection, the development of manuals, and training. RMIS provides risk management alerts and advisories; risk assessments; anti-virus detection and response tools and teams; and Internet growth, performance, and weather reports. Back to the text of the article.