The company has offices in over 20 countries, and currently employs approximately 700 independent suppliers. The company has more than 2,000 stores, with a turnover of over 50 billion.
The company has a large geographical spread, a large number of ongoing development projects and many administration systems. Managing security risks presents, therefore, major challenges. The company needs a solution that provides an effective way of managing its security risks in projects, new developments and changes.
We were commissioned to find a process to initiate risk activities at the correct phase and to identify and evaluate security-related risks. This had to be managed continuously in the company's existing processes. The company lacked a defined risk methodology and dedicated resources for methodical support of the risk process, and to facilitate the implementation of risk activities.
Together with the company, We began to create a simple and pragmatic method for ordering and carrying out continuous risk assessments in projects and administration. The risk model and method were created according to ISO 27005, and the criteria were based on the company's pre-conditions. A risk analysis report was presented, containing; identified risks, assessed risks and recommended measures for every occasion. We also provided qualified resources for facilitation and methodical support of ordered risk analyses.
The risk model and methodology created the prerequisites for a gradual dissemination of knowledge regarding risk management throughout the company and increased security awareness. This enabled the company to manage risk analyzes itself, using well-implemented processes and proven risk analysis methods.
The risk assessment reports formed the basis for better decision making, with prioritized measures for the project or management organization. This increased control and secured critical information assets for the company's operations.
This case was conducted by Safeside Solutions AB, now part of Nixu Corporation.