ICL Services standard for information security management of service projects

The users of the standard are the Company’s employees in executive positions within the framework of service projects. The IS management standard consists of a risk-based approach. This involves conducting an analysis of IS risks and customer requirements for each project, after which measures to ensure IS are implemented. The way in which the same IS measures are implemented may vary from project to project.

In order to assess the level of maturity of the IS management process of a particular project, as well as to further improve the IS management processes within the project, ICL Services has developed a 4-level maturity model:

• Level 4 is the highest. This level is not always needed.
• Level 3 is the target level. The objective of Level 3 projects is to support it.
• Level 2 is the minimum allowable level. The objective of Level 2 projects is to reach Level 3.
• Level 1 is the lowest. This level is considered a risk for IS. The objective of Level 1 maturity projects is to achieve at least Level 2 maturity.

The level of maturity is assigned based on the results of the IS internal audit of the project and is recorded in the audit report. The parameters by which the maturity level is estimated include compliance with customer requirements in the field of IS, IS risk management within the project, communication, team awareness, access control and others.

The information security management standard was developed in 2015. During 4 years of work, it was implemented in many of the company’s Russian and international projects. As noted by project managers, thanks to the implementation of the IS management standard, these projects have significantly reduced IS risks, and as a result, the number of incidents and escalations has decreased, and customer satisfaction has increased.