Schibsted uses projects to conduct critical business work and allocate resources to investments. A common project model framework for project management is used, which aims to support the control, management, and execution of projects.
The common model enables measuring project progress and results in a unified way. The model provides a common project decision-making framework and supports the management of projects with common instructions and templates. Within the project models, there are security activities that will help the project identify and implement necessary measures to fulfil legal, contractual, and business requirements. These measures are a combination of physical and logical security measures for ensuring integrity, confidentiality, availability, and accountability, which will ensure the required security level. At the end of the project, there is a formal handover to the receiver organization. The purpose of the formal handover is to ensure that all the necessary information is transferred to the maintenance organization and that they can manage and ensure the required security level through the entire life cycle.
Schibsted uses third-party services for some parts of the operations. In these cases, Schibsted follows established procedures and routines to ensure the third party fulfils the required security level. These procedures include analyses to identify and set the requirements and follow up that the required security level set by Schibsted is achieved.