Task: Identify And Establish Security Controls And Measures
The purpose of this task is to identify a set of security and data protection controls to support and enforce the security and data protection policies and minimize all recognized and identified threats. This task also identifies the security and data protection measures that can be used in the prevention of security and data protection breaches.
Main Description

Having reviewed the requirements and defined the policy, it is necessary to identify and establish the controls and measures in line with the outcome of the business risk assessment. Security and data protection is an ongoing process that needs to be continuously managed using a set of security and data protection controls. Security and data protection measures are used in the prevention of security and data protection breaches. Controls should be measured during the set-up and execution of the Service Engagement. With baselines defined in line with the policy and the business risk analysis, comparing the Service Engagement's performance against those baselines provides the status of the Security and Data Protection Management of the Service Engagement. Service Engagements often have access to the Client's or users' personal data held in the systems or applications within scope; the controls and measures should also cover these aspects.

To determine the data protection controls to be implemented, the following needs to be understood:

  • Capgemini’s responsibilities in the contract for holding and processing Client data
  • The types of data being held, and the sensitivity/security classification of the data
  • Who will have access to the data, including all distributed parts of the team and Suppliers, and which environments it will be held in
  • Requirements for storing, handling and processing the data, including data transfers, retention and disposal
  • Technical and Organizational measures
  • Regulatory requirements such as maintenance of a Data Protection register
  • The associated Data Protection Officer (DPO)
  • Binding Corporate Rules

The objectives of establishing security and data protection controls include:

  1. Establish a framework within the Service Engagement to initiate and manage information security and data protection.
  2. Allocate responsibilities within the Service Engagement team.
  3. Establish an organization structure to prepare, approve and implement the security and data protection policy.
  4. Establish and control security and data protection related documentation.

Different types of security and data protection measures that can be implemented in a Service Engagement include:

  1. Measures to prevent security and data protection breaches from happening.
  2. Measures to minimize any possible damage due to security and data protection breaches.
  3. Measures to monitor for and detect security and data protection breaches.
  4. Measures to correct damage that has already happened.
  5. Measures to implement data privacy by design.