Not yet. The formalization of the QR Planet's already existing policies into a broader assessment in regards to identification, quantification and prioritizing risks based on predefined risk acceptance levels is planned for Q1.
Yes. IT security policies, incident management, regular external security testing, and extended liability and cyber insurance are in place.