~2 page information security policy on trust.
 
Trust is a widespread factor, a valuable yet ephemeral information asset and a fragile control. 
 
Trust-related risks should be managed in the same manner as other information risks - identified, evaluated and treated. Whereas trust and trustworthiness are usually implicit, it is appropriate to draw out and address the trust-related risks associated with particularly important/valuable information assets explicitly. For example, the following are clearly trust-related :
Access rights;
IT system privileges and various 'overrides';
Oversight, plus monitoring and surveillance;
Business relationships;
Penetration testing;
Auditing.
 
Supplied as an MS Word document, readily customised for your organisation's specific situation.