The construction company is one of Sweden's largest. The company is listed, and has a turnover of more than SEK 20 billion. The construction company offers building services in both the public and private sectors.
The construction company operates globally, with a large number of IT projects and IT systems distributed across several companies. IT projects and systems require risk management in order to weigh IT risks against other business risks. In view of the global spread, the risk management must be consistent across all companies, regardless of geographical location.
Together with the customer, we identified the need to create and implement a general risk management process. To facilitate this, a simple and pragmatic risk management model was first created, based on ISO 27005. Based on this model, a risk management process was then adapted to the needs of the company. The risk management process defines activities and integration to facilitate their implementation and continuous risk assessment.
The risk management process that was developed included the delivery of process documentation and process rules, definitions of roles and responsibilities for the implementation of the process, as well as instructions, checklists and integration descriptions. In order to facilitate continuous risk assessment, we also provided a threat database, report templates, risk management tools and aggregation tools.
The effect of the implemented risk management process is increased consensus on the evaluation and aggregation of risks. The risk management process also provides an improved decision basis for prioritizing measures, which affords cost-efficiency.
The risk management process also affords increased control and secures critical information. By using the risk management process, the construction company can focus on proactive measures to reduce, among other things, the number of incidents.
This case was conducted by Safeside Solutions AB, now part of Nixu Corporation.