Group-wide introduction of CRISAM® at ÖBB

In these economically challenging times it is important for companies to know all the business issues and key figures. In the context of IT you can ask questions about the risk and the opportunities to bring and keep this risk to an adequate level. Each CIO knows these questions and problems, where he will usually faces a loss, because the toolsets, that are used, don't display the appropriate risk responses.

The ÖBB Group had to develop a profitability for the IT risk provisioning policy. They tried to solve this problem first with the traditional approach ROI (return on investment). With the ROI, it was possible to calculate the cost of investment and determine the date when it pay off. This approach was not appropriate for it to assess IT security investments. Because of this all ÖBB group companies finally decided to use CRISAM^®  as a tool to identify IT risks, assess and control them in a continuous improvement process. Thus, the impact of IT systems could be shown in relation to the business. Ultimately, a reduction of the potential impact of IT systems and processes has been achieved on the operating results. Another advantage arised because of the connection to the overall risk management system within the group, so the IT-related risks could be automatically resumed. Finally, it was possible with the help of CRISAM^® to visualize simulations of the improvements of the IT infrastructure. The impact of the measures were directly traceable and so the transparency of the service provider ÖBB DLG IS could be increased. CRISAM^® has proved as a good tool for decision-makers for corporate management in the ÖBB Group, because CRISAM^® assesses the company's IT in the context of support processes and provides a clear and transparent basis for decision making.

ÖBB-Servicing Ltd.:
The task of ÖBB-Servicing Ltd. is to support the entire ÖBB Group in numerous cross-cutting functions. The DLG is available for clients as a consultant in order to avoid in the complex company ÖBB duplications and to achieve savings through effective sourcing and the best possible support through a high-quality information technology. Particularly important are also the creation and adherence of an uniform framework for the equitable treatment of all employees in the Group. DLG's core competencies include business HR (Human Resources), IT (Information Services), central purchasing, internal services and social services. The DLG supports with its services the group's central goal of becoming a top European track.

"With the implementation of this group-project it was possible to establish an IT risk management system that shows not only the current IT risks, but also visualizes the effect of the proposed improvement on the residual risk and this data is directly available for the Enterprise Risk Management. (Bruno Fegerl Ing, Project Manager at the ÖBB-DLG IS)

October 2009