Security LifeCycle
Understand
Knighthood is cognizant of the people, information, and assets that require protection, their importance to our customers, health and safety needs, and the business repercussions of potential harm or loss. We consider how the facility will be utilized, who will use it, and what will be stored. We recognize any secure information or assets stored, as well as any other legal requirements. When sharing a space, we collaborate with other organizations to build this understanding.
Assess
Knighthood will assess risks to people, information, and assets to identify security measures that reduce them to an acceptable level. We identify security threats and vulnerabilities relevant to the situation. We analyze existing security measures and assess the likelihood and impact of each risk to decide if more action is necessary. Additionally, we consider the combined security risk of co-located organizations.
Design
Knighthood will design security measures that are appropriate to identified risks and meet our customers’ risk tolerance. We will incorporate security requirements into customers’ business continuity and disaster recovery plans.
Accept Security Approach/Plan
Knighthood will present its plan to the responsible executive, who must accept that the proposed security design is suitable before we implement it.
Implement
Knighthood will execute the agreed-upon security measures, such as policies, processes, procedures, and technical security controls. Additionally, we will provide security awareness training for all staff and contractors.
Validate
Knighthood will confirm the risk mitigations and security controls prescribed in your design can be effectively implemented and are appropriate for their intended use.
Go Live
Knighthood ensures customers stay secure by staying up to date with security threats and vulnerabilities and keeping security controls up to date and fit for purpose. We provide ongoing security awareness training for staff and contractors.
Operate & Maintain
We identify and respond to security incidents or breaches as per our [Incident Reporting Process].
Review
We undertake regular reviews to ensure security measures remain fit-for-purpose and identify changes in use of facilities, organisation, or threat environment to inform improvements.
Retire
When a building or facility is no longer needed, we consider the security implications of any information, assets, or chattels during decommissioning. We recommend items to be destroyed, redeployed, or disposed of securely.