Step 5: Plan & control operational activities

In our series “In 10 Steps to Certification,” we have arrived at Step 5: Plan & Control Operational Activities. Where Step 4 was about competencies, it is now about how to plan, execute and be in control of the operational activities to be performed.

Why operational activities are important

Establishing and implementing a management system is the path to continuous improvement. Here, it is important that the organization remains in control of its processes and the associated activities associated with them. To determine operational planning tasks, an organization should consider the following:

Establish criteria for processes

• Objectives and desired outcomes
• Performance indicators (KPIs).
• Risk and impact analyses
• Compliance requirements and legislation

These criteria are the basis for process control. They ensure that everyone knows what is expected and how success is measured. When creating process criteria, involving both operational staff and compliance and/or risk managers is wise to do. This helps ensure a better connection between management and operations.

Implementing process control

Once the criteria are established, the real work begins: controlling the process. That means not only executing, but also continuously monitoring, documenting and adjusting.

• Monitoring implementation; Are tasks being performed as planned?
• Documenting results; Is there demonstrable evidence of what has been done?
• Adjust where necessary; Are deviations recognized and corrected in a timely manner?

Only reliable documentation can demonstrate that processes have been carried out as planned. This increases confidence in the ISMS and makes audits much easier.

Controlling changes

Changes are inevitable. Therefore, it is essential that planned changes be carefully managed, and that the impact of unintended changes be assessed. Consider:

• Conducting impact analyses
• Communication with all stakeholders involved
• Corrective measures in case of negative effects

A proactive attitude prevents small adjustments from growing into major security risks.

uComply facilitates: from insight to action

The uComply app facilitates in the planning and execution of tasks. As part of the planner, the organization can plan a task with a corresponding description. To ensure that the tasks get to where they belong, the organization can link the tasks to processes, risks, etc., among other things.

Since you want the tasks to match current working practices as much as possible, the task can be assigned to an employee or person and scheduled in, for example, the Outlook calendar, Task Scheduler tooling and/or a TEAMS message. In this way, as an organization, you make the activities to be performed part of the organization.

The uComply app provides the ability to gain insight into the number of open tasks, within which domain and what needs to be done. In addition to the uComply app, the uComply AI Consultant can help you determine what tasks need to be performed and how. Furthermore, the uComply AI Consultant helps the employee perform the task with any questions that may arise.