Implementing risk management process for construction company

Risk management
eero öster

Eero Öster

Head of Cloud Transformation
CONTACT US

The construction company is one of Sweden's largest. The company is listed, and has a turnover of more than SEK 20 billion. The construction company offers building services in both the public and private sectors.

The challenge

The construction company provides global operations with a large number of IT projects and IT systems distributed across several companies. IT projects and systems require risk management in order to weigh IT risks against other business risks. In view of the global spread, the risk management must be consistent across all companies, regardless of geographical location.

Our solution

Together with the customer, we identified the need to create and implement a general risk management process. To facilitate this, a simple and pragmatic risk management model was first created, based on ISO 27005. Based on this model, a risk management process was then adapted to the needs of the company. The risk management process defines activities and integration to facilitate their implementation and continuous risk assessment.

The risk management process that was developed included the delivery of process documentation and process rules, definitions of roles and responsibilities for the implementation of the process, as well as instructions, checklists and integration descriptions. In order to facilitate continuous risk assessment, we also provided a threat database, report templates, risk management tools and aggregation tools.

Customer benefit

The effect of the implemented risk management process is increased consensus on the evaluation and aggregation of risks. The risk management process also provides an improved decision basis for prioritizing measures, which affords cost-efficiency.

The risk management process also affords increased control and critical information is secured. By using the risk management process, the construction company can focus on proactive measures to reduce, among other things, the number of incidents.

This case was conducted by Safeside Solutions AB, now part of Nixu Corporation.

Lisätietoja

  • eero öster

    Eero Öster

    Head of Cloud Transformation
    CONTACT US

aiheeseen liittyvät blogit

Let’s build on trust!

In today’s society, trust is immensely precious to everyone, not only to consumers but also to companies and organizations whose business relies on digitalization. How we build and maintain that trust is a very topical issue in which cybersecurity has a key role to play. October is the official European Cyber Security Month and it is being celebrated for the fifth time this year with the important goal of highlighting the importance of cybersecurity in society.

Veera Relander
Lokakuu 9, 2017 at 10:30

Things that security auditors will nag about, Part 1: #NoLogs

This the first part of our blog series "Things that security auditors will nag about and why you shouldn't ignore them". In these articles, Nixu's security consultants explain issues that often come up when assessing the security of web applications, platforms and other computer systems.

Syyskuu 4, 2017 at 10:01

Why certify and what is ISO 27001?

ISO 27001 has become the de facto standard for Information Security Management System certifications. Most other security standards are based on or refer to ISO 27001 at least to some degree. We also see a trend that regulators are keen to use ISO 27001 as a baseline for security instead of inventing yet another new standard for industry actors to follow.

Toukokuu 30, 2017 at 10:30