Transfer ISDP concept
Purpose
The ISDP concept is updated and reviewed by the controlling and compliance body. This is a prerequisite for the decision to launch operation. It is transferred from the project organization to the core organization.
Basic idea
The project sponsor must be able to identify with the updated and checked ISDP concept, approve it and support it externally, as well as accept the restrictions.
HERMES-specific
With the decision to launch operation, the project sponsor assumes responsibility for the operating risks. The ISDP concept is approved by the core organization's executive board, which accepts the residual ISDP risks with its approval.
Activities
-
Update the implementation status in the ISDP concept
-
Update the residual risk assessment in the ISDP concept
-
Have the ISDP concept checked by the competent controlling and compliance body and get feedback
-
Get approval for the ISDP concept with the residual risks from the project sponsor and the core organization's executive board
Relationships
| Module | Task | Task responsibility | Outcome | Involved in creation of outcome |
|---|---|---|---|---|
| Information security and data protection | Transfer ISDP concept | ISDP manager | ISDP concept | Operations manager, Application owner, IT-architect |
| Transfer ISDP concept | ISDP manager | Checklist | Project manager |