<case>

Roll-out strategy for global Information Security Management System (ISMS)

Ambition

A leading global energy company had spent two years developing a global Information Security Management System (ISMS) in response to intensifying compliance pressure worldwide and a lack of transparency and management oversight, caused by unaligned and complex information security management processes and a variety of local ISMS implementations. Despite two years of ISMS development, the client was unable to finalize key deliverables to meet compliance deadlines and met resistance from the business due to a lack of involvement. We were engaged to drive completion of the final development milestones, formulate a roll-out strategy and start execution.

Solution

We took over the project management responsibility for the initiative and initiated the operationalization of key processes to support the ISMS.

A global cyber security governance framework with 10 individual governance boards was implemented, supported by a Plan-Do-Check-Act based management process framework. Additionally, we drove the completion of 19 sub-policies, the refinement and completion of a control catalogue covering IT and OT, and several supporting instructions.

We also created an organizational change management approach to start driving the adoption of the corporate policies, security requirements and guidelines across the organization. We ensured that broad engagement of key stakeholders was initiated to identify key gaps and create risk-based remediation plans for all impacted business functions.

Outcome

We helped our client ensure that:

  • A new project management setup was established, including a rescoping of the project, a milestone plan for execution and a supporting delivery model for swift execution.
  • The corporate information security policies and requirements were completed and approved by executive management.
  • A new global cybersecurity governance framework was operationalized.
  • A plan and approach for business engagement and mobilization were created, driving the execution of stakeholder engagement across the organization.