Integrated risk management
A rising threat level and stricter legal requirements called for a unified approach to security – one that could encompass roles, responsibilities, and organisational units.
Establishment of a group-wide risk management model along with SOC and SAC functions.
Today, the Central Denmark Region operates with an integrated security structure that strengthens both strategic risk management and operational execution capabilities.
The Central Denmark Region chooses integrated risk management as answer to stricter security requirements
A very high professional bar has been set for the Central Denmark Region: they need to deliver world-class healthcare, nothing less. And with Aarhus University Hospital recently recognised as the 18th best hospital in the world, the region is certainly delivering on its objectives.
Nevertheless, the Central Denmark Region – along with other regions and critical service providers – are having to contend with a number of challenging factors in the current climate. These include increasing cyberattacks, geopolitical tensions, growing compliance requirements and increasing digitalisation needs across business units.
With this in mind, we have chosen to organise our security efforts in a virtually integrated structure. We have a Security Operations Centre - the SOC - which is responsible for the continuous monitoring of the region's IT systems and can react quickly when suspicious activity or disruptions occur. We have a Security Analytics Centre - the SAC - which can drill down into security incidents and strengthen our ability to prevent and manage threats. And we have our group-wide risk management model that sets the framework for how we work with compliance.
Strategic advisory
Back in 2015, the Central Denmark Region produced a security report with 41 suggestions for security improvements. One of those suggestions was the creation of the SOC, which has since become a reality. Based on the report’s other recommendations, the Central Denmark Region has undergone an internal maturation process lasting some years, which has significantly strengthened the organisation’s security level. Globeteam has been on board as the region’s strategic sparring partner for much of this process.
According to the Central Denmark Region, the key to their security work is an integrated approach to risk management and risk handling. Security capabilities are not physically located in one place, such as an operations department, but instead are organisationally anchored across units and functions. This structure ensures that security is not something that is handled in compartmentalised silos; but deeply rooted in the region’s IT and business operations.
About The Central Denmark Region
The Central Denmark Region is Denmark’s second-largest regional authority, employing approximately 30,000 people. The region operates five hospital units – including Aarhus University Hospital and Gødstrup Regional Hospital – as well as psychiatric services and the pre-hospital emergency system. It serves around 1.3 million citizens and handles more than 3.5 million patient contacts annually. The region is also responsible for specialised services for vulnerable and disabled individuals, and carries out tasks related to regional development.
Can I help?
Do you want to hear more about how Globeteam can help you with a similar case? Please feel free to contact me at +45 6191 3762 or ppo@globeteam.com