The auditable IT outsourcing company
Risk management
Increasingly, companies operate in a global, high-tech and regulated 24/7 business environment. The more complicated the environment, the more potential points of failure there are and the more difficult it becomes to manage the complexity created by ongoing changes and innovations. Failure at any integration point can result in unplanned application downtime and business disruption.
The line between business processes and mission critical applications is becoming increasingly blurred and, in many cases, indistinguishable. Inherent in this shift is reduced visibility - for the business manager and application owner - of the interfaces and inner workings of their application landscape. Addressing this lack of visibility and making sure that decisions are based in absolute context is one of the key attention areas within Schuberg Philis' change and risk management.
Schuberg Philis' strategy is to focus at an early stage on limiting any potential risks related to customers' strategic activities. Simultaneously, we are keen to exploit available opportunities to achieve customers' business objectives.
Understanding business criticality and dependencies within our customers' application infrastructures, and tracking the impact of changes over time, is crucial to maintaining a reliable change and release management process. Schuberg Philis retains an ongoing record of changes over time and their impact across the outsourced environment. Every customer has its own certified (ISO 27001:2005) and fully auditable environment in our state-of-the-art data centre.
The Schuberg Philis service model brings reliability to the application infrastructure change and risk management process through clear governance, enhanced visibility, impact analysis, audit and compliance, thus creating maximum context to manage risk and govern changes across the mission critical application landscape.
An integral part of our daily activities, our risk management is directly geared to the operating structure of the company. We have a deep-rooted 'risk management culture'. The diversity of business activities requires different ways to manage risks, tailored to the unique needs of each customer. The objective is to identify potential risks early on, assessing them using specific criteria, evaluating the extent and characteristics of the risks and introducing appropriate precautionary and security measures.
We use CRAMM (CCTA Risk Analysis and Management Method) as the internationally accepted method for structured risk assessment and management. Our risk management partner is Deloitte Enterprise Risk Services.
CRAMM asserts that risk is dependent on asset values, threats, and vulnerabilities. The importance of these parameters is assessed by the Schuberg Philis customer team in a series of interviews with the customers' business managers, the users of the systems and applications, the security department, suppliers and partners. The outcome of the CRAMM review is an analysis of current risks and a set of recommended countermeasures which are deemed appropriate to the classification of risk. We assess the evolving risk profiles with our customers annually.
The Schuberg Philis approach to assessing, mitigating and managing the risks of unintended consequences when making changes to mission critical business applications is key to the success of our customers, who rely 24/7 on their outsourced critical information and transaction systems.
Auditable
All our customers operate in regulated markets with their own specific compliance requirements. While making sure that Schuberg Philis' processes and measures are certified against the highest international standards, our combined audit planning with customers creates enormous efficiency and control with regard to operational risk.
Schuberg Philis puts great emphasis on being transparent and auditable. Application infrastructures are a critical component of nearly every business process. The accuracy and reliability of transactions heavily depend on the reliability of a company's critical application infrastructure and controls. The increasing regulatory and compliance focus is the result of a general unease with companies' risk management capabilities and the magnified impact that could result from deficiencies.
Schuberg Philis eliminates identified concerns through targeted risk mitigation, which addresses such issues as policies and procedures, architecture, internal controls, monitoring, measuring and awareness. We help our customers by incorporating corporate governance, regulations and compliance into the overall service and infrastructure management of their outsourced business critical applications. That is why we call Schuberg Philis the auditable IT outsourcing company.
As part of our overall contribution to transparency and auditability, we have embraced the ISO 27001:2005 standard. This is the new industry standard for information security management systems (ISMS). It was formalized in October 2005 and replaces the previous BS7799 standard. Certification by KEMA was realized at the beginning of 2006.
Schuberg Philis is the first outsourcing provider whose ISO 27001:2005 Statement of Applicability (scope of the certification) also covers all customer application infrastructures outsourced to Schuberg Philis as part of the audited and certified environment. This means that our customers can state that their dedicated mission critical application infrastructure is ISO 27001:2005 certified. For customers who require a SAS70 statement, Schuberg Philis is capable of providing this in close cooperation with the customer on the specific type and scope.
Living up to our promise as 'the auditable IT outsourcing company', we apply the highest standards while remaining flexible to evolving business needs. We will keep updating our best practices in close cooperation with our customers.