Decide on ISDP concept
Purpose
The decision on the ISDP concept is the prerequisite for implementing the ISDP measures and realizing the IT system. The project sponsor approves the ISDP concept and accepts the residual risks with the phase release decision.
Basic idea
The decision on the ISDP concept confirms compliance with the specifications of the core organization.
HERMES-specific
The decision on the ISDP concept is made by the competent controlling and compliance body.
In the case of procurement (i.e. not customized development) of an IT system, the ISDP concept is reviewed after evaluation. This is because the tender chosen has a significant impact on the ISDP concept.
Activities
-
Add further criteria to the ISDP concept checklist
-
Have the ISDP concept checked by the competent controlling and compliance body and get feedback
-
Create decision-making documents
-
Supply decision-makers with the decision-making documents
-
Integrate the review results into the decision-making process for phase release
-
Have the project sponsor acknowledge protection measures and residual risks
Outcomes
Relationships
Module | Task | Task responsibility | Outcome | Involved in creation of outcome |
---|---|---|---|---|
Information security and data protection | Decide on ISDP concept | Project manager | Checklist | |
Decide on ISDP concept | Project manager | Project decision management & execution | Quality and risk manager |