What is a baseline?
The management of an organization can, based on a legal policy, obtain a comprehensive overview and insight into the legal requirements. These requirements must be translated into an operational baseline. On the basis of this baseline, the management can implement and maintain appropriate management and security procedures.
It may be the case that management wants to comply with the law, but there is no financial room for this. A baseline can offer a solution, if it uses maturity levels. This allows the management of an organization to take appropriate measures at a speed that is possible, to be transparent about this and to match the compliance level to the current maturity level.
The chartered accountants, business experts and IT auditors of Duthler Associates have developed comprehensive sector- and company-specific baselines, which are continually updated and linked to our legal policies. The baselines form the basis for smart assessment and the declaration of accountability surveys.
We currently have baselines for the healthcare sector, education, social services and the financial sector. Expansion into other fields is ongoing. We have used the SIVA framework for working out the baselines. SIVA stands for Structure, Content, Form and Analysis order and is a basic principle of the Dutch Government Reference Architecture (NORA).
The scope of the baselines includes operational management processes, protection of (personal) data and information and the underlying information systems. A classification has been made into strategic, primary, secondary and internal control processes. All common standard sets, such as ISO, NEN and NIST, are included in the baselines.
Company-specific baselines are used for setting up business processes and demonstrable compliance within companies. In many cases, the professionals of Duthler Associates ensure the maintenance of the baselines.
Baselines are implemented within the organization. The baselines can guide your organization in formulating policy or organizing identity and access management (IAM). The baselines can also be used to select and purchase control measures.
The baselines play a decisive role in determining compliance with legislation. We can use smart assessment to determine compliance with legislation or compliance with contract agreements. The professionals at Duthler Associates arrange the compliance process for you by assigning tasks, powers, and responsibilities that are recorded in an authority register. The automated collection of internal control documents then takes place automatically. The internal control performs a check on the collected evidence. The professionals at Duthler Associates can assist you or take over the role of internal control.
Would you like to know more or use our baselines and smart assessments? Please contact us. We are delighted to meet you.