Plan safety and security management
Decide the information security principles
The organisation’s senior management decides on the information security principles, communicates them and puts them into practice. Management must make employees and key stakeholders, such as service providers, aware of the principles.
Assess the risks
You can use the SFS-ISO 31000 risk management standard to assess risks in safety and security management. You can find instructions for how to assess risks in accordance with the standard on the guide’s page Describe the risk management measures.
Scale and outline measures
Safety and security management practices must support the organisation’s willingness and capacity to take risks. Scale and design them so that they are carried out regularly and so that you can use them to prioritise and allocate the organisation’s resources.
Plan out the measures
The practical tasks of safety and security management include
- planning the activities
- carrying out the activities, and
- monitoring the activities.
Safety and security management practices must be designed so that they support the organisation’s risk management. Have the plan approved by the organisation’s senior management.

Take care of the guidelines
For compliance with the safety and risk management guidelines to become part of the organisation’s safety culture, the guidelines must be documented and made available to everyone.
Make sure that
- the guidelines are part of the orientation programme for new employees
- the guidelines are shared throughout the organisation
- the guidelines are reviewed regularly
- the guidelines are updated and developed.
Ensure continuity management
Ensure that continuity management is designed to support the organisation’s strategic goals and is part of the organisation’s management culture.
Also make sure that
- the functionality of continuity plans is tested through exercises
- the plans are updated regularly and as the operating environment changes.
Decide how to deal with disruptions and deviations
Make sure that your organisation has procedures for disruptions and deviations. The procedures must be
- documented
- shared with the entire organisation and key stakeholders, and
- tested regularly, for example through exercises.
When changes to the procedures are agreed, update the documentation as well and remember to communicate the changes.
Take care of managing safety deviations
As a manager, you commit to developing the safety culture and to managing deviations as planned.
Ensure that the organisation has sufficient resources and competence for
- detecting safety deviations
- handling them, and
- recovering from them.