C3602 IT Security Plans
Properly planning security is key to achieving EU goals
European Institutions develop and manage more and more complex, customized and interconnected information systems. They are also more often targeted by various cyber-attacks.
The need for proper security planning has never been so evident for EU institutions, especially when it comes to compliance with Decision C(2006) 3602 issued by the European Commission, from which the C3602 IT Security Plan takes its name.
Why plan security?
Beyond compliance with the requirements of the Commission’s Decision 3602, which requires that all information systems have a documented IT Security Plan, security planning has several benefits for EU institutions:
- Plan and apply cost-effective security measures based on the business risk exposure while preserving EU institutions' assets
- Align the IT security effort and investment with business and strategic priorities of the EU institution
- Overcome the complexity of making decisions on information security investment
- Use the achievement of compliance with the Commission’s Decision 3602 to prepare for compliance work with other information security standards and frameworks
- Increase the transparency of IT security and compliance efforts
How can we help?
Deloitte’s extensive experience with EU institutions, combined with deep expertise in IT security, is the basis of the C3602 IT Security Plan methodology, which we built in line with the Implementing Rules for Commission Decision C(2006) 3602 and other relevant European IT Security guidelines and policies.
Our Deloitte C3602 IT Security Plan methodology has been successfully field-tested in different EU environments and is continuously being improved.
In addition, our methodology is fully in line with most internationally accepted IT Security standards and frameworks, such as ISO 27001, EBIOS, COBIT 5, etc.
The enclosed brochure provides more information on Deloitte's proprietary C3602 IT Security Plan methodology and explains how it can be rolled out in your institution.