In an era where digital transformation is integral to daily operations, information security has become more than a technical concern—it is a critical component of organizational governance. To strengthen its data protection framework and enhance risk management capabilities, Plan International Hong Kong has partnered with DQS Hong Kong to implement a comprehensive Security Risk Assessment and Audit (SRAA), including targeted penetration testing.

This collaboration reflects the organization’s strategic commitment to both regulatory compliance and long-term resilience in managing sensitive information.

About Plan International Hong Kong

As a member of the global humanitarian organization Plan International, Plan International Hong Kong is dedicated to promoting gender equality and children’s rights in over 80 countries. Locally, its work focuses on education, child protection, youth development, and emergency response—driven by a mission to foster an inclusive and equitable society.

 

Why SRAA? Compliance and Confidence

As a government-funded organization operating in Hong Kong, Plan International Hong Kong is subject to the information security requirements set by the Office of the Government Chief Information Officer (OGCIO), including periodic SRAA evaluations and penetration testing.

More importantly, the organization views SRAA as a strategic opportunity to enhance its internal capabilities, particularly in the following areas:

  1. Identifying potential risks and preparing effective safeguards
  2. Strengthening the management of sensitive data, including donor and beneficiary information
  3. Demonstrating transparency and accountability to stakeholders and the public
  4. Fostering a culture of security awareness across all levels of operation

 

Planned Scope of the SRAA Engagement

Plan International Hong Kong has selected DQS Hong Kong as its partner to deliver an SRAA service package aligned with international standards. The engagement is set to include the following components:

  • Security Risk Assessment (SRA): A comprehensive analysis of IT infrastructure and data workflows to identify potential high-risk areas.
  • Security Audit (SA): A structured review of existing security policies and technical controls to assess alignment with internal requirements and industry best practices.
  • Penetration Testing: Authorized simulations of cyberattacks targeting systems such as websites, wireless networks, and mobile applications, aimed at uncovering exploitable vulnerabilities.
  • Reporting: A detailed assessment report outlining findings and insights to support risk governance and internal planning.

 

Anticipated Outcomes and Capability Gains

Upon completion of the engagement, Plan International Hong Kong is expected to achieve the following improvements:

  1. A risk-based governance framework with clear lines of responsibility
  2. Enhanced visibility and security across data assets and interdepartmental collaboration
  3. Improved staff awareness and stronger engagement with security protocols
  4. A solid foundation for safely adopting emerging technologies such as AI and cloud platforms

 


Author

DQS HK

"In everything we do, we set the highest standards for quality and competence in every project. This makes our actions the benchmark for our industry, but also our own mission statement, which we renew every day."
