Rollout process

Abstract

The elaboration of ESARIS and its ICT Security Standards and the implementation of the procedures, rules and practices within the ICT Service Provider are complex and must carefully be planned and conducted. In this chapter, some general regulations are outlined that may help to establish the architecture in an enterprise. Firstly, it is explained how the project can be organized. The description only relates to standard project management practices. It emphasizes that the main challenge is to bring ESARIS into the employees’ hearts and minds (Sect. 8.1). The documents must be stored and kept accessible for employees. A portal is set up in the Intranet and a documents identification schema is used in order to facilitate the search for and the localization of documents (Sect. 8.2). Many documents will contain information which is the intellectual property of the ICT Service Provider and therefore needs to be communicated in a restricted way. It is part of the rollout to define rules for the exchange of documents (Sect. 8.3). ESARIS specifies security measures that are part of ICT services and made to secure them. Hence, the security measures must be considered in the specification of services, which are used by user organizations to take their buying decision. In this way, the security measures of ESARIS become an integral part of the provider’s service offering portfolio (Sect. 8.4).