Smiling lady

IBI in seven clear steps

Securing your IT environment and business information is a continuous process that requires a thorough and structured process. This is why we approach your IT security cyclically, where we re-run your risk analysis periodically, keeping in mind the changes in technology and your organisation.



Step 1 – Principle workshop

Start with a vision for your company’s Information Security

Information security starts with a clear vision. Working together with your organisation, we determine your vision for information security by going through predefined principles, determining whether they apply to your organisation, and what this means in practice.

Step 2 – Policy workshop

Build the foundation of your information security

The next step in the IBI process is establishing a strategic policy by setting out your organisation’s ambitions in the field of information security. By formalising this strategic policy, together we create a mandate to take definitive steps in improving your information security.

Step 3 – Inventory

Map your environment

Good information security can only be achieved if there is a clear picture of what actually needs to be secured. That is why every project starts with mapping the basic environment and a comprehensive analysis of the information systems within your organisation. This involves looking at People, Equipment, Software, Data, Organisation, Environment and Services.

Step 4 – GAP Analysis

Define where improvements are needed

In the GAP Analysis, the inventoried environment is tested against the potential improvement actions that are part of the IBI framework, depending on the ambition level set in the strategic policy. For each measure, we determine whether and, if so, how, it has been implemented. Together, we discuss each measure’s usefulness, necessity and priority.

Step 5 – Impact analysis

Assess the implications

At the end of the GAP Analysis, we’ll have a list of measures that require action. For the next step, our impact analysis, we delve deeper into these measures and actions. This requires determining the overall implications for your organisation, the technical implications, and whether additional licences, management guides, or resources are needed. In essence, we create a mini business case for each measure so that together we can make informed decisions.

Step 6 – Information Security Plan

Create a blueprint

The information security plan brings together our findings from all our data gathering and analysis. It  becomes your IT operational document that underlies your strategic policy and describes the steps, the timeframe, the required budget and the division of roles needed to realise the ambitions of the strategic policy. This information security roadmap becomes an important document in an audit.

Step 7 – IBI Services

Get a daily snapshot of your IT environment

With IBI Services, we ensure continuous focus on your organisation’s information security. Not only do you get a dashboard showing the latest state of affairs on a daily basis, we also perform various checks on technical measures every day. Our team of experts keeps track of best practices and continuously incorporates them into your Integrated Baseline for Information security. We also periodically conduct a comprehensive audit, reviewing your identified improvement actions and revising your information security plan.