... protect your know-how and sensitive information ...
What is ISO/IEC 27001:2013 and what is the information security management system for
The information security management system according to ISO/IEC 27001:2013 (ISMS - Information Security Management System) covers the management of all processes in the company in order to achieve the required level of security for the information it uses, continuous improvement, company growth, and protection of know-how. Many risks reviewed in connection with information security affect the company as a whole and threaten its stability. The system leads to a reflection on which information is important and has to be protected, and on what level of the defined risks is acceptable.
Our portfolio of services in the ISMS area
We have been working with the quality management system for more than a decade. The standard evolved from the British BS 7799-2:2002 into an ISO standard in 2005, was revised in 2013 and is still in force. It is not intended only for companies that deal with information technologies: the rules of information security can be implemented in any company that values and wants to protect its important and confidential information and data. We have experience from various areas, e.g. manufacturing companies, financial institutions and companies providing services. The basis of a successful ISMS implementation is a deep analysis of the company's processes and an understanding of the relationships and connections that are specific to that particular company. We treat each company as unique and adjust our services to its needs.
- 1. Consultancy during the ISMS implementation: consultancy during the implementation of the information security management system according to ISO/IEC 27001:2013 includes an analysis of the present status of your processes compared to the requirements of the standard, and their alignment.
- 2. ISMS documentation creation: one part of the information security management system is the creation and management of the documentation required by the standard, or of the documentation required for your activities, respectively.
- 3. Performance of internal ISMS audits in your company: another required part of the ISO/IEC 27001 standard is the performance of internal audits, which help to detect weak spots in the processes and allow their elimination or minimization, respectively, through corrective actions.
- 4. Qualified training of your internal auditors and the information security manager: the standard's requirement related to the performance of internal audits can be covered by internal human resources that have qualified training and practice in the area of internal audit performance.
- 5. Top management training in the ISMS area: the top management of the company plays an important role in every information security management system, therefore an important part of the ISMS training is to indicate its responsibilities, competencies and overall awareness.
- 6. Assistance at the certification audits: the aim of an ISMS implementation is generally to obtain a certificate in this area, which is preceded by certification audits performed by accredited certification bodies.
- 7. Consultancy on maintaining the ISMS: during the validity of the accredited ISMS certificate (3 years), the company is required to demonstrate to the certification body, via an annual surveillance audit, that the information security management system is being maintained and improved.
- 8. Performance of ISMS audits of your suppliers: companies that have implemented and certified an information security management system usually require that their suppliers comply with these rules too; one of the tools for evaluating the level of compliance with the rules is the so-called "customer audit".