During the entire life cycle of products, services, and key strategic and operational processes, Schibsted identifies and mitigates risks and threats affecting the operations and services.
The analysis aims to guide decision-making and ensure proper implementation of security measures to meet compliance and balance risk exposure.
To ensure that Schibsted conducts its operations and delivers according to expected quality, common requirements must be fulfilled.
Examples of such requirements are in the areas of change management, logging, using third-party services, IT, and network management. It is the responsibility of the line organization to implement and comply with the governing documents and procedures that Schibsted has adopted, according to the Schibsted security governance model. Security delegation agreements are defined and delegated to the line organization to ensure compliance, clarifying their role, mandate, and responsibility within the security area. Risk analysis and risk assessment are used for making decisions and for ensuring proper implementation of security measures to meet compliance and balance risk exposure.