Information Security Management System
With CISO-as-a-Service (CaaS), the customer transfers the role of the Information Security Officer to terreActive as an external employee who is integrated into the organization. The CaaS maintains and operates the ISMS (Information Security Management System).
Which tasks does the CISO-as-a-Service take over?
- The CaaS maintains and operates the ISMS. This includes:
  - interaction with the stakeholders
  - reporting to the management
  - keeping the risk register
  - monitoring of projects
  - maintenance of policies and directives
For whom is this offer suitable?
- For companies that have the highest demands and want to surpass their industry peers in terms of security level.
- For companies that have regulatory requirements to maintain an ISMS (e.g. required ISO certification).
- For companies that already have an ISMS or something comparable in place.
Relieve internal resources by outsourcing the ISMS
The ISMS maintains and manages the rules, regulations and processes a company uses to control, manage and regulate information security. The relevant standard for this is ISO 27001, against which companies can be certified. In contrast to pure basic IT protection, which terreActive applies in its Cyber Security Readiness offering, an ISMS is highly complex and generates correspondingly more effort. Companies that want to relieve the burden on their own resources can obtain everything from a single point of contact with terreActive's CISO-as-a-Service.
The CaaS acts as an external employee with its own tasks and a fixed workload, and works proactively and autonomously.
Evolution of collaboration
What comes before CaaS?
If the customer is new to the topic of risk & compliance, does not yet have an ISMS in place and is planning the first steps, the path typically leads via basic protection. The basic protection is first designed and built up, which terreActive can take over as part of the Cyber Security Readiness offering. The customer receives an individual solution for the overall approach and can later switch to the CISO-as-a-Service offering.
What comes after the CaaS?
With the CISO-as-a-Service offering, terreActive is guided by known standards. It is therefore possible for an employee of the customer to take over the CISO function after the set-up phase and the first optimization steps. If the customer wishes, terreActive can remain on board as security officer-on-demand.