Safety, security, protection and AI

Operational security and protective security
The international situation, combined with deeper interdependencies and a higher degree of digitalisation, constantly creates new vulnerabilities. More organisations conduct or gain insight into security-sensitive activity — in parallel with more areas being designated as essential to society.
Rote actively pursues environmental scanning and method development across both operational security and protective security, where the boundaries are often hard to define and the safeguards overlap.
We usually propose an initial critical asset assessment (CAA) to determine whether your operation falls within the Swedish Protective Security Act's requirement for a protective security analysis (PSA). The CAA is normally combined with audience-tailored training for senior roles.
If the assessment shows that you conduct security-sensitive activity in any part of your operation, we offer an in-depth protective security analysis (PSA) with an associated protective security plan (PSP) and, where needed, position analysis (PA) and various forms of protective value assessments (PVA).
Beyond this we also assist with targeted protective security assessments (TPSAs) and suitability reviews required in certain situations — for example ahead of signing protective security agreements, and during consultation processes with supervisory authorities or cooperation with external parties.
Rote's methods for asset assessment, protective security analysis and various evaluations are based on the requirements of Swedish protective security legislation and the latest guidance from the Swedish Security Service. Our experienced specialists in operational security and protective security can also provide ongoing support to establish a systematic approach to operational security and protective security and help you build a number of foundational capabilities — including personnel security (security vetting and training), stand-alone IT equipment, protective security agreements and the process for protective security procurement.
Applying and using AI
Information and data are today a strategic resource, and the approach your company or organisation takes is decisive for continued competitiveness, efficiency and even survival. Rote's model for sustainable data analysis with associated information governance covers the processes and structures that support you in extracting maximum business value or operational benefit from your information assets across the full lifecycle and value chain, with or without the support of AI. We also advise on how to achieve compliance with the EU AI Act while still creating operational value.
The area includes both a formal governance and management structure with roles, responsibilities and authority, and how the organisation relates to AI, digitalisation and concepts such as metadata, master data, information ownership and much more.
Modern and systematic data protection
The rights and freedoms of the individual are high on the agenda. Within data protection, Rote has all the experience and knowledge required for you, your company or your organisation to comply with the EU General Data Protection Regulation (GDPR), supported by a framework based on the internationally recognised standards ISO/IEC 27701 and 27018. We also have subject-matter experts on the EU e-Privacy Regulation (EPR) and applied data protection law, and can offer a Data Protection Officer as a service or as an interim role.
Effective and systematic information and cyber security
The foundation for effective and secure information handling is the international standard that sets out the requirements for an information security management system (ISMS). An ISMS creates order when you establish, implement, monitor, review, maintain and improve your organisation's information handling — and thereby, among other things, reduces the cost of incidents, strengthens your brand and increases staff security awareness.
Our information and cyber security specialists have extensive experience of implementing and maintaining GRC in larger organisations and applying relevant parts of established frameworks and standards, such as NIST CSF and CIS Top 18, as well as carrying out compliance work related to NIS2, the Swedish Cybersecurity Act and the EU Cyber Security and Resilience Acts.
When systematising a coherent security effort, Rote can support you with its proprietary method SMS – Security Management System – which is adapted step by step to your organisation's maturity. SMS covers the entire security domain and is based on ISO/IEC 27001/2, our many years of experience and a large number of ISMS implementations in global groups, mid-sized companies and the public sector.
