The Information Security And Compliance Lead must ensure that the Information Security And Compliance Framework is sustained and that delivery has a proper hand off from transition team. The policies and procedures, documented lessons, procedures and detailed work instruction documentation and knowledge as well as any proposals to improvements must passed on to the on-going support or delivery information security teams.
During this stage following actions are performed:
-
The security and compliance framework components are documented and uploaded in a common repository
-
Capability of the security components are assessed
-
KPIs are confirmed and reporting mechanisms are in place
-
Availability of appropriate controls is confirmed.
A service take-on review is conducted between the Engagement Manager (Transition) and Delivery Manager to perform a readiness check of the Service Delivery Team for taking over the security and compliance activities. All security development done so far viz., policies, audit plans, training plans, training material, documentation on physical, data and application security controls must be transferred to the Run team. |
