What is it?
Solution Assessment is a process managed by the SIP Office to evaluate the cybersecurity and risk profile of new or significantly changed IT solutions before they are deployed at Syensqo.

Why is it important?

• Identifies and mitigates potential security risks early in the project lifecycle
• Ensures IT solutions comply with Syensqo’s security policies and regulatory requirements
• Protects Syensqo’s data, operations, and reputation

When is it required?

• For all new IT solutions or significant changes to existing solutions
• During major upgrades or integrations with other systems
• As part of the project portfolio management process

How does it work?

1. Initiation: The project team contacts the SIP Office to start the assessment.
2. Information Collection:
   • The project team completes the Inherent Risk Questionnaire (IRQ)
   • Additional documentation may be requested depending on the solution’s complexity
3. Analysis: SIP analysts review the information, perform a risk analysis, and may conduct technical assessments (e.g., penetration testing).
4. Reporting: The SIP Office provides a Residual Risk Restitution report, summarizing findings and recommendations for risk mitigation.

Key Responsibilities:

• Project Owner: Initiates the assessment, completes required questionnaires, and implements recommended actions.
• SIP Office: Guides the process, analyzes risks, and delivers the assessment report.

Contact:
For more information or to start a solution assessment, email: sip-office@syensqo.com