Identify your ICT risks and safeguard your business for the future

Make an inventory of the essential assets, evaluate the risks and the security measures taken, and identify additional measures to be taken in order to bring the level of risk to an acceptable level for your organisation. More and more businesses outsource some internal operations to external service providers. This decision is often motivated by cost-saving needs. Outsourcing certain functions also allows businesses to concentrate on their core operations.

Most often, however, the outsourcing of a function also involves giving a third party different degrees of access to the network and/or the data of the business. As we all know, this can lead to problems.

The awareness and the backing of management are indispensable for making this exercise a success.

To start, it is good to draw up an inventory of the items essential to the functioning of your organisation. We recommend that you start with, for example, your top 5 of 'essential assets'.

Priority needs to be given to those things that are indispensable to the functioning of your organisation.

The different iterations of your plan allow you to progressively enrich this inventory, to complete it, and to expand it.

In order to draw up the inventory:

  • define the different 'essential assets' together with management and the departments,
  • meet with the people responsible for the different assets, so you can better determine/define them,
  • write them down in a list,
  • get approval for this list from management, in a meeting, so that you can get management involved in your process (the minutes of the meeting serve as evidence).

There are different types of essential assets within all organisations, but here is a non-exhaustive list by way of example:

  • primary assets, namely:
    • key information, services and processes, and
  • secondary assets:
    • IT systems supporting the primary assets.

Do not try to come up with an exhaustive list; concentrate on the essentials. It is better to start the process with a limited number of assets than to try and list everything, as this is rather likely to be obsolete by the time you finish the exercise.

It is important is to start the process and then to make progressive improvements.