Information technology requirements are complex: IT should provide monitoring tools to manage the company. It should provide optimal support for the business objective and has to operate in accordance with internal and external parameters.
It is these complex requirements that we focus on with our IT governance: we integrate the strategic orientation of IT into corporate management and provide transparency and standardised processes.
Our long-standing experience in the development and implementation of governance processes in the field of IT helps us to give you productive advice. Reference models and standards like ISO 38500, Val IT or COBIT offer valuable orientation for both you and us.
There is no avoiding risks: they differ in their impact but are inherent to each and every process. Early detection of risk and corresponding risk management have long been critical for the success of a company, and often form an integral part of statutory provisions.
The use of ISO/IEC 27005 (Information Security Risk Management) or the BSI Standard 100-3 is of course not mandatory in risk management; they are, nevertheless, good preparatory and implementation aids. Forming strategies and developing structures and systems of risk management begin with the identification of risks.
Deriving business implications leads to specific improvements, ranging from early detection of risk to the strategic repositioning of entire business segments.
Every IT operation comes with parameters and requirements. The more comprehensive the business operation, the more complex the rules to be observed. New guidelines mean an increase in the number of checks and measures required for compliant standard operations.
It is not easy to keep track here: Which checks are actually adequate? Which checks apply to multiple parameters simultaneously? How is effective monitoring of compliance possible? And how is early detection of anomalies possible?