IVE Group information technology (IT) systems are fundamental to business operations. Managing technology related risks is crucial to support, gain and retain business value.
The drivers for IT Risk Management include the need to improve business outcomes, decision making and overall strategy by providing:
- Stakeholders with substantiated and consistent opinions on the current state of risk throughout the IVE Group
- Guidance on how to manage the risk to levels within the risk appetite of the IVE Group
- Guidance on how to set up the appropriate risk culture for the IVE Group
- Wherever possible, quantitative risk assessments.
IVE Group has implemented an information security management system (ISMS) in alignment with the requirements from ISO/IEC 27001:2013 (ISO 27001). Information security risk and opportunities management is an integral part of an ISMS implementation and continuous improvement.
IVE Group has aligned its Information Security Risk Management approach to the following industry best practices where possible:
- ISO/IEC 31000:2018 Risk management — Principles and guidelines.
- ISO/IEC 27005:2018 Information technology — Security techniques — Information security risk management.
- COBIT 5 for Risk: Professional guide from ISACA for management and governance of IT-related risks.