Operational Maturity Using RIIOT
The RIIOT Method – comprises five different approaches to data gathering and can be applied to the administrative, physical and technical areas and is a core underlying principle of any assessment activity.
- Review Documents
- Review documents for clarity
- Review documents for content
- Correctness and Consistency
- Record gaps
Interview Key Personnel. Examine for:
- Cynicism or suspicion on the part of the interviewee
- Use of unfamiliar terms and jargon (on the part of both parties)
- Difficulty in correctly recording the information
Impact Security Controls.
Observe Personnel Behavior
Test Security Controls
The collection and analyais of this information then contributes to an ISO27001/2 and ITILv3 assessment mapping. ITIL v3: