How is an implementation performed?
The implementation work will always be iterative to meet the objectives of the project and to achieve the level of compliance required by the customer. The following illustration is Combitech’s view on implementation, where each step is briefly described:
- Within this step we will conduct different analyses in order to set the foundation for the implementation work.
- The iterative compliance block consists of three different steps: Build & Govern, Test and Validate. Initially, we will implement the security measures, both operational and technical, deemed necessary under the applicable standard/regulation/framework. Thereafter, we will perform technical assessments of the implemented measures, and lastly we will perform operational validations and checks of the implemented security measures.
- The content of each step will vary each time, as the process is iterative. Results from both the Test and Validate steps will be used to improve the compliance work by identifying areas of improvement. Within the Build & Govern step, security measures for monitoring can be implemented, and the outcome from these should also be considered when improving the implementation.
- The last part of the model consists of audits. The audit activities should be performed in parallel with the compliance steps to improve the implementation. If the customer aims to certify against the applicable standard or framework, we can assist with a pre-audit based on the audit that a certification body will perform.