Security risks are business risks. Good security is a critical success factor for long-term company survival.
Directors have duties of care to the public, staff and shareholders: security failures could affect any or all of those catastrophically.
But compliance with security regulations is not enough, and directors should establish assurance systems to embed security as a strategic capability.
A SeMS is an organised, systematic approach to managing security which embeds security management into day-to-day activities as a strategic capability.
It provides the necessary organisational structure, accountabilities, policies and procedures to ensure effective oversight.
In summary, a SeMS is an assurance system for security.
Developing the SeMS is an evolutionary activity executed at the pace the organisation can sustain.
More time is lost through delays at the start of a project than at any other time. We recommend an easy, early start with a Gap Analysis:
The action plan will enable you to decide how best to proceed. We recommend an evolutionary approach based on capability maturity principles.
Corporate management will adopt security as a strategic capability, alongside sales, operations, finance and other functions.
Security managers will embed and drive the SeMS, championed by the Accountable Manager.
Company-wide communication will engage stakeholders and staff right across the organisation in SeMS.
Other directors and managers will promote SeMS principles and the security culture.
A SeMS is NOT:
Copyright © 2021 3DAssurance - All Rights Reserved.