Security LifeCycle

Understand

Knighthood is cognizant of the people, information, and assets that require protection, their importance to our customers, health and safety needs, and the business repercussions of potential harm or loss. We consider how the facility will be utilized, who will use it, and what will be stored. We recognize any secure information or assets stored, as well as any other legal requirements. When sharing a space, we collaborate with other organizations to build this understanding.

Assess

Knighthood will assess risks to people, information, and assets to identify security measures that reduce them to an acceptable level. We identify security threats and vulnerabilities relevant to the situation. We analyze existing security measures and assess the likelihood and impact of each risk to decide if more action is necessary. Additionally, we consider the combined security risk of co-located organizations.

Design

Knighthood will design security measures that are appropriate to the identified risks and meet our customers’ risk tolerance. We will incorporate security requirements into customers’ business continuity and disaster recovery plans.

Accept Security Approach/Plan

Knighthood will present its plan to the responsible executive, who must accept that the proposed security design is suitable before we implement it.

Implement

Knighthood will execute the agreed-upon security measures, such as policies, processes, procedures, and technical security controls. Additionally, we will provide security awareness training for all staff and contractors.

Validate

Knighthood will confirm the risk mitigations and security controls prescribed in your design can be effectively implemented and are appropriate for their intended use.

Go Live

Knighthood ensures customers stay secure by staying up to date with security threats and vulnerabilities and keeping security controls up to date and fit for purpose. We provide ongoing security awareness training for staff and contractors.

Operate & Maintain

We identify and respond to security incidents or breaches as per our [Incident Reporting Process].

Review

We undertake regular reviews to ensure security measures remain fit-for-purpose and identify changes in use of facilities, organisation, or threat environment to inform improvements.

Retire

When a building or facility is no longer needed, we consider the security implications of any information, assets, or chattels during decommissioning. We recommend items to be destroyed, redeployed, or disposed of securely.