Phase 1: Plan

This page describes the planning phase (Plan) of KTH’s information security work according to the Plan–Do–Check–Act (PDCA) model. In this phase, objectives, requirements, responsibilities and prerequisites for the information security work are established.

The planning phase lays the foundation for KTH’s practical information security work. It clarifies what the organisation aims to achieve in both the short and long term, which challenges need to be addressed, and how responsibilities are distributed across the organisation.

The expected outcome of the phase is documented objectives for the information security work, including the desired maturity level, as well as a shared conceptual framework for employees. The phase shall also result in completed risk assessments with probability and impact evaluations, an approved set of security controls (Statement of Applicability, SoA), an established communication plan, and an implemented information classification process with clearly defined responsibilities for information risk owners.

Next step

The next step in the process is the Do phase, where the decided security controls and working methods are implemented in practice.