Consulting Stine Frederiksen March 18, 2022

Consulting

Get documented rules and procedures to protect your organisation or get assistance for your contingency plan

What we offer

Security Policy and IT Security Manual: Describe your organisation’s position on IT security, and document the rules and procedures that apply to employees and partners.

Disaster and contingency plan: You get control of how to respond if the organisation is affected by a serious incident.

Security Policy and IT Security Manual

A security policy describes your company’s position regarding IT security, while an IT security manual documents the rules and procedures that apply to employees and partners.

The preparation of a security policy and especially an IT security manual can be a comprehensive task. Dubex’s Governance, Risk & Compliance (GRC) consultants can help you along the way so that nothing is overlooked.

Our advice is based on standards such as ISO 27001/27002.

What we do

The project begins with a start-up meeting or a workshop, where relevant employees are given an introduction to key security concepts, and concrete guidelines that should be in place will be discussed. Relevant documentation is then prepared.

Alternatively, we can help review existing documentation so that it reflects developments in the business’ needs, new standards and changes in the threat assessment. In addition, we offer feedback and discussion on how the ongoing registrations and maintenance of the manual are done in the best way.

If your company already has a security policy or an IT security manual, we can review them to ensure that the material is relevant and up to date.

Advice and feedback on the IT security policy and security manual can be supplemented with, for example:

Disaster and Contingency Plan

With a disaster and contingency plan, your company will be able to respond to serious operational disruptions in a structured and constructive way, so that downtime is minimised.

A disaster and contingency plan is an important prerequisite so that secure and stable operations can be restored as soon as possible after a serious operational disruption.

Dubex can help you prepare a disaster and contingency plan tailored to your company’s needs or with testing and evaluating your company’s current contingency plans.

Dubex’s approach to the work is based on the guidelines from ISO 27002 and includes:

  • Identification and assessment of the IT systems covered by the contingency plan.
  • Design, preparation and documentation of the contingency plan.
  • Implementation, testing and communicating of the contingency plan.
  • Follow-up on experiences and maintenance.

What we do

In the design phase, the company’s level of ambition is determined. For example, is there a need to start at a lower level with, for instance, incident management? The design also depends on the identification of business-critical processes, as well as the IT systems that must be covered by the contingency plan.

In connection with the preparation of the contingency plan, it must be clarified what plans already exist and any external requirements for a contingency plan. In addition, relevant emergency preparedness scenarios as well as roles and responsibilities must be identified. Finally, the handling of the individual emergency scenarios must be described and the necessary prerequisites defined.

Depending on the material your company has today and what ambitions you have, it can be a big task. Dubex is happy to help with advice and feedback during the process, just as we can also help with the preparation of the plan and other documentation, etc.

Advice and feedback on disaster and contingency plans can, for example, be supplemented with:

Address tomorrow’s challenge, today.

Talk to an expert about how we can secure your business