Client: ZP MV CR
| Project: | Launching the security managment system |
| Competence centre: | Security |
| Year: | 2007 |
Brief Descripiton
The client’s intention was to realize a project, which was supposed to carry out a risk analysis in all security areas, draw Security policy and a program of launching Security policy into the existing processes. Needs and possibilities analysis was carried out beforehand. Our objective was to implement proposed methodology of risk analysis with success and gain the most exact information to specify the demands for the Security policy of the organization and for the subsequent counter-measure proposals.
The objective of the project was to realize a risk analysis to specify the risks according to a unique methodology in four security fields, that is the information system security, administrative security, personal security and physical security. On th basis of the analysis results a complex Security policy was to be drawn. The policy was supposed to contain security structures, roles, competences and relations to other fields in the company. There was also a Program containing a plan of counte-measures and tasks for a successful implementation of the security. Its objective was to integrate the security into to the structure of the company, processes and directive base.
Together with the top managment of the company we have identified and specified 39 risks and proposed 25 counter-measures to handle them. A new managment components and new documents creating a cohesive base for successful company managment were implemented into the organisational structure.
Further Information
Managment of the organization, which consisted of the directory and 8 branches, which were active in the whole country (approximately 80 separate workplaces) was interested in a suitable system of security managment, which would prevent the most significant security risks in the area of information security, administrative security, personal security and physical security. The most urgent demand was to create structures and bonds and transfer the know-how in the way, which would enable the security managment to take over the implemented principles and smoothly begin to manage the security.
The project was devided into these phases and outputs:
- Risk analyses – identification, denomination and specification of risks, finding the weak places and proposing the counter-measures. The Risk analysis followed the Needs and possibilities analysis and served as a framework analyses of all areas of the security managment system.
- Security managment system including the Security policy and Typal project of physical security of the object –complex descripition of the security managment system of the whole company with individual tasks and competences for individual roles and work positions in the organisation. Other documents were ready to be implemented into the regulations base of the organisation, they were processed according to the client’s needs.
- Launching the Security policy – defining the consecutive steps to fulfilling the proposed security managment system and Security Policy. The document contained a description of indvividual tasks of the Implementation plan also a schedule of the solutions.
The project was very complex and vast, it affected all security areas. The successfull solution of the project and its implementation into existing structures made the whole managment really interested in drawing up the analysis, promoting it and specifying the risks in the launching and running improving of the security managment system. Project was realized in 26 weeks.
Conclusion
Are you interested in this topic? Are you handling the same problems in your company?
For further information contact as. Telephone number : +420 222 500 111. Email : iteg@iteg.cz.
