Security risks are business risks. Good security is a critical success factor for long-term company survival.
Directors have duties of care to the public, staff and shareholders: security failures could affect any or all of those catastrophically.
But compliance with security regulations is not enough, and directors should establish assurance systems to manage the security risks.
A SeMS is an organised, systematic approach to managing security which embeds security management into the day-to-day activities of an organisation.
It provides the necessary organisational structure, accountabilities, policies and procedures to ensure effective oversight.
In summary, a SeMS is an assurance system for security.
Developing the SeMS is an evolutionary activity executed at the pace the organisation can sustain.
More time is lost through delays at the start of a project than at any other time. We recommend an easy, early start with a Gap Analysis:
The action plan will enable you to decide how best to proceed. We recommend an evolutionary approach based on capability maturity principles.
Typically the project team will not be a dedicated resource, but will be members of the security team working on the project alongside their normal duties.
This need not be onerous since the project can be self-paced and the SeMS becomes the improved way they carry out their normal duties.
Stakeholders and staff right across the organisation must be kept involved through engaging communication throughout the project.
A SeMS is NOT:
Copyright © 2019 3DAssurance - All Rights Reserved.