Implementation of ISO/IEC 27001
Information Security Management System
Why ISO/IEC 27001?
The implementation of the Information Security Management System (ISMS) enables information resources of the organization to be comprehensively protected and secured against external and internal threats.
The global standard for information security is ISO/IEC 27001. The standard indicates requirements in the area of confidentiality, integrity and availability of information. It covers all issues related to the protection of information created, stored and processed in the company. Its purpose is to verify and strengthen the security with taking into account the sources of threats, such as people, business processes and technologies.
This standard is a part of the procedures related to Business Continuity Planning (ISO 22301), which enable efficient reaction to emergencies, and even unpredictable disasters.
The implementation of the Information Security Management System compliant with ISO/IEC 27001 includes the following tasks performed by SNP experts:
- conducting a zero audit
- carrying out an analysis of the company and identifying the processes and areas to be covered by the system
- identifying threats
- assisting in carrying out a risk analysis and assessment
- assisting in the development and verification of existing system procedures as well as the integration of the ISO 27001 system with other management systems in place
- training for employees regarding the requirements of ISO 27001
- training for managers in the field of corrective and preventive actions, and the supervision of documentation and records
- training for internal auditors
- an internal audit
- development or verification of the documentation required by law regarding the processing of personal data