IT Risk Management

Information and knowledge keep gaining importance as critical factors for a company’s success – which is why the proctection of this assets draws the attention of management. While being a part of Corporate Risk Management, IT Risk Management System provides both Compliance and safeguarding of company interests (e. g. protection of critical corporate information).

An integrated approach for IT Risk Management

Countering specific IT risks almost every modern company is confronted with calls for a holistic, intended and structured methodical approach. IT Security experts at INTARGIA rely on international and national accredited standards – including ISO 31000, ISO/ICE 27001ff., BA 25999 or “BSI IT-Grundschutzkataloge” (standards 100-1 to 100-4). INTARGIA combines these specifications and best practices gained during project experience into an integrated approach which is highly scalable  to the individual needs for each enterprise. Our goal: IT Risk Management – effective and with sense of proportion.

The integral sections of IT Risk Management

We count five closely related topics to the scope of IT Risk Management:

1) Information Security Management

IT Security is in the center of our approach: The initial IT Security audit deliveres a quick and cost-effective survey of the company’s status quo. Based on the findings  you can tackle weak points immediately and enhance the level of security sufficiently in the short run.

In the long run enterprises should consider the development and integration of an IT Security Management System (ISMS) to transfer the mode of operation from a reactive to a proactive one.

2) Privacy Protection Management

Another important regulated requirement in Germany is Privacy Protection, essentially codified in the “Bundesdatenschutzgesetz” (BDSG). While IT-Security Management focuses on the security of all company’s important data and information , Privacy Protection centres around individual-related Data, for example clients, employees or distributors.

Based on the Privacy Protection audit to acquire the current situation of the company it is possible to proactively take care of weaknesses to make sure that the company follows required regulative guidelines. INTARGIA’s Privacy Protection Management System can support your company in improving its business processes and competitive advantage.

3) IT Continuity Management

Being unable to operate or the loss of data currently belong to the major challenges a company has to face in case of a major disaster. Studies have shown that 43% of companies that experienced a major data loss without having a solid emergency plan in place never reopen, another 51% close within two years. Only 6% survive long-term.

Therefore Business Continuity Management is essential for IT as much as  other departments to resume operations after small incidents like a burst water-pipe or full scale disasters like the total loss of the electronic data processing center. In these cases a company has to be able to rapidly reinstate all crucial processes to keep a minimum of operations running and return to total operations in the long run.

“Who has to be informed?”, “Are we contractual covered, so our distributor will supply us promptly with alternative equipment?” or “Does a proceeding plan exist which is accessible to the right people in case of a crisis?” These are only some of the questions which have to be asked within the framework of Business Continuity.

Within this framework INTARGIA offers you support in developing a concept for Business Continuity Management, based on the regulations of international (BS 25999) and national standards (BSI 100-4).

4) IT Project Risk Management

Identifying Risks and properly reacting to these findings are important requirements for successfully managing projects. In contradiction to corporate risk management, project risk management is aimed at the handling of risks which emerge of complex IT projects.

Every project is a unique, individual venture and therefore prone to unpredictable risk(s). In this context risk is conceived as the "insecurity of project results". Risk management is used to keep risks inside acceptable parameters in a effective and economical way.

INTARGIA's approach at IT project risk management contains identifying and evaluating project risks as much as possible while creating countermeasures to reduce impact and likelihood of threats to project success. As such threats we count potential divergence from targets, including time and budget as much as quality and functionality.

5) IT Compliance Management

IT Compliance describes the adherence of IT infrastructure to certain legal, corporate and contractual regulations. As a part of corporate Compliance, IT Compliance puts such requirements in focus, which primarily relate to a companies IT systems. Enterprises are not only bound to numerous legal obligations, which in case of disregard can cause significant penalties, but also EU directives, international agreements, corporate guidelines and trade practices.

This mainly applies to publicly traded and limited liability companies, as executives and directors are personally liable for their organizations compliance to legal regulations. Negligence can be persecuted and sanctioned by civil and criminal law. The German BDSG for example imposes a prison sentence of up to two years or a fine in case of violation. Since Basel II dictates extensive examinations to financial institutions there is a sincere need for action on part of corporations.

Cooperations and Commitments

In the above mentioned areas of IT Security Management INTARGIA reverts to the professional support of selected partners. INTARGIA itself is committed in various competence networks, for example GI (Gesellschaft für Informatik) – department of Security, GDD (Gesellschaft für Datenschutz und Datensicherung e.V.) or CAST (Competence Center for Applied Security Technology). If you want to find out more about partnerships and engagements please refer to the top right side of this page.

Would you like to find out about our references? Please don't hesitate to contact us.