ISO/IEC 27001

ISO/IEC 27001:2013

... protect your know-how and sensitive information ...

Our projects

What is ISO/IEC 27001:2013 and what is the information security management system for

Information security management system according to ISO/IEC 27001:2013 (ISMS - Information Security Management System) talks about managing all processes in the company to achieve the required level of security of the information used, continuous improvement, company growth as well as the know-how protection. There are many risk reviewed in connection with the information security, that affect the company as a whole and attack its stability. This system leads to the reflection which information is important, has to be protected and what is the limit of the defined risks that is acceptable.

Our portfolio of services in the ISMS area

We work with the quality management system more than a decade. This standard transformed from British BS7799-2:2002 to ISO standard in the year 2005, was revised in 2013 and it is still in force. This standard is intended not only to the companies that deal with the information technologies. The rules of the information security can be implemented in any company, that values and wants to protect its important and confidential information and data. We have experience from various areas as e.g. manufacturing companies, financial institutions or companies providing services. The basis of the successful ISMS implementation is deep analysis of the company processes and understanding the relationships and connections that are fundamental to the particular company only. We take each company as unique and we adjust our services to its needs.

1
Consultancy during the ISMS implementation
consultancy during the information security management system implementation according to ISO/IEC 27001:2013 includes analysis of the present status of your processes compared to the requirements of the standard and their alignment
2
ISMS documentation creation
one part of the information security management system is creation and management of the documentation that is required by the standard or documentation required for your activities respectively
3
Performance of the internal ISMS audits in your company
another required part of the ISO/IEC 27001 standard is the performance of the internal audits, that help to detect the weak spots in the processes and allow their elimination or minimization respectively, through the corrective actions
4
Qualified training of your internal auditors and the information security manager
the standard requirement related to the internal audit performance can be covered via internal human resources, that possess qualified training and practice in the area of the internal audit performance
5
Top management training in the ISMS area
top management of the company plays important role in each information security management system, therefore it is important part of the ISMS training to indicate it's responsibilities, competencies and overall awareness
6
Assistance at the certification audits
the aim of the ISMS implementation is generally to obtain certificate in this area, what is preceded by a certification audits that are performed by accredited certification bodies
7
Consultancy on maintaining ISMS
it is required to show the maintaining and improving the information security management system in the company to the certification body during the accredited ISMS certificate validity (3 years) via annual surveillance audit
8
Performance of ISMS audit of your suppliers
companies having implemented and certified information security management system usually require that their suppliers comply with these rules too; one of the tools how to evaluate the level of compliance with the rules is a so called "customer audit"