Attainment – achieving compliance with ESARIS standards

The ESARIS Attainment Model (or: ESARIS Compliance Attainment Model) relates to activities ensuring that the ESARIS security standards are actually implemented and comprise methods for verifying this (Sect. 7.1). In the first place, the ESARIS security standards have to be developed by starting with requirements engineering as the basis (Sect. 7.2). The “Attainment” is organized into five ESARIS Attainment Levels which relate to the achievement of milestones in delivering ICT services according to the methods, procedures, and standards of ESARIS. The first three levels are related to more technical activities (IT engineering, implementation), the set-up for delivery (operations) and include methods for measuring the compliance (Sect. 7.3). The other two levels relate to the integration into portfolio and service catalogs. The portfolio development and the consideration of security in service catalogs (Sect. 7.4) are important for user organizations or even the next party in the internal supply chain of the ICT Service Provider.