Outsourcing Information Security Officer
HIT THE GROUND RUNNING IN GERMANY – OUTSOURCING INFORMATION SECURITY OFFICER to Germany
Outsourcing Information Security Officer – We take on the following tasks for the establishment of an audit-proof information security management:
- Supporting the management in defining and adapting the information security guideline and advising on all information security issues.
- Drawing up information security guidelines and, if necessary, other relevant regulations
- Checking compliance with the information security guidelines and monitoring adherence to the guidelines by IT service providers
- Participation in the creation and updating of the emergency concept with regard to IT matters
- Initiation of information security measures and their monitoring
- Participation in projects with IT relevance
- Contact person for information security issues within the company and for third parties
- Investigating information security incidents and reporting to management
- Awareness-raising and training measures on information security
- Informing the management about the status of information security regularly, at least quarterly, as well as on an ad hoc basis.
What needs to be considered? – Outsourcing Information Security Officer
The function of the information security officer shall be organisationally and procedurally independent in order to avoid possible conflicts of interest. To this end, the following measures in particular shall be observed:
- Function and job description for the information security officer and his/her representative.
- Determine the resources required for the function of the information security officer.
- Budget for information security training in the company as well as personal training for the information security officer and his/her representative.
- Immediate and constant opportunity for the information security officer to report to the management.
- Obligation of the company’s employees as well as the IT service providers to inform the information security officer immediately and comprehensively about all IT security-relevant facts that have come to light and concern the company.
- The function of the information security officer is organisationally separated from the areas responsible for the operation and further development of the IT systems.
- The Information Security Officer does not perform any internal auditing tasks.
Outsourcing Information Security Officer
Companies shall establish the function of the CISO.
This function includes responsibility for handling all information security issues within the institution and vis-à-vis third parties.
It ensures that the goals and measures set out in the IT strategy and the information security guideline of the company.
The BAIT include regulations on the following focal points:
- IT strategy
- IT governance
- IT projects, application development
- IT operations
- Information risk management
- Information security management
- User authorisation management
- Outsourcing of IT services