How does Perium benefit your organization? If you invest in the Perium platform, you obviously want to know what it delivers. In this blog we discuss the business case for our customers. In making this business case, we started from an example organization of 50-100 FTE that wants to professionalize efficiently and effectively in the field of risk management, information security and privacy. The example organization uses MS tools such as Excel.
We have prepared a compilation of the necessary activities and the savings to be achieved. The estimates below have been validated by us with a number of our clients and adjusted where necessary. Actual benefits depend on the complexity, size and maturity of the organization, among other things.
Activities for initial set-up
We begin with the activities required for the initial setup of an ISMS (Information Security Management System), risk management, associated control measures and reporting. The estimated savings are shown next to each activity.
| Activity | Estimated savings (in hours) |
| --- | --- |
| Defining management system requirements | 80 – 160 |
| Defining threats | 40 – 80 |
| Defining vulnerabilities | 40 – 80 |
| Defining risks | 80 – 160 |
| Defining management measures | 40 – 60 |
| Defining relationships between management measures and risks | 40 – 60 |
| Setting up registration and reporting | 20 – 40 |
| Total | 340 – 640 |
Within Perium, we have already largely implemented and/or prepared these activities based on best practices and proven (international) standards. The results are fully integrated in our platform and immediately available for use. The information we have relied on has been published by OWASP, NIST, Norea/NBA and ISO, among others. For some published information it is necessary to purchase a license yourself (for example, ISO27001), but much information is freely available. For the information security management system (ISMS), we have provided templates for standard ISMS tasks. Templates are also available for control measures. These save you from having to reinvent the wheel yourself.
So the big advantage is that you don't have to perform these activities entirely yourself. This saves considerable time. Everything is available, in a relational database, complemented by clear and up-to-date reports.
Repetitive activities
In addition to savings for the initial setup, we also see savings that can be realized annually. This is related to recurring tasks you have to perform as an organization.
| Activity | Estimated savings (in hours) |
| --- | --- |
| Uniform registration (way of working and one source) | 20 – 40 |
| Reporting (automated instead of manual) | 40 – 60 |
| Monitoring of assessments and action plans | 60 – 80 |
| Data maintenance | 20 – 40 |
| Total | 140 – 220 |
With the Perium platform you always have one central place with clear records of activities that can be performed according to a uniform way of working. Periodic reporting on results is easy to achieve using the dashboard and the predefined overviews. For users and management, the status of risks, control measures, improvement plans and regular tasks is clear at any time.
Questions that can be answered directly with the platform are:
- How mature is our management system?
- What are our biggest risks?
- Do we have the right management measures in place?
- How effective are the management measures taken?
- Do we comply with ISO27001 (or BIO, NEN7510 etc), NIS2 and privacy requirements?
- Are non-effective management measures being worked on?
Qualitative benefits
Perium was developed from a business perspective. As a result, powerful principles have been incorporated into the platform such as the 4-eye principle, ownership and triggers (calls to action) for users. Together with the aforementioned, these elements deliver qualitative benefits:
- Better quality by using standards and validated data.
- Better monitoring possible on Information Security and Data Privacy aspects.
- Automatic alerts and monitoring for assessments and action plans.
- Automated and up-to-date reporting from a single source.
- Validated and reliable information.
- The content in the Perium platform always remains current through upgrades from Perium.
- Learning in response to trends and benchmarks (anonymous).
- Better understanding in the management of an organization.
- Better decision-making.
- Integrated PDCA cycle.
Conclusion
It is important for each organization to make its own assessment of the benefits of acquiring the Perium platform, but the above provides a good starting point. Determine for yourself which activities you do not currently perform, or perform incompletely or not yet optimally, and what savings are possible. Estimate what the qualitative benefits will bring you and whether that matches your ambitions.
We apply the principle of "create once, use many" to keep the administrative burden as low as possible. With our approachable platform, we want to make a difference and help organizations grow in resilience.
Questions?
Do you have questions or want to know more about Perium? If so, please contact us. We'd love to talk to you!