An Information Security Management System (ISMS) is a comprehensive, documented approach to handling information. Information is essential to the proper functioning of individual organizations and of whole economies, and it must therefore be adequately protected: against unauthorized access by persons not entitled to it, against accidental or deliberate alteration or destruction, and it must always be available when needed.
INFORMATION SECURITY MANAGEMENT IN PRACTICE
Experience shows that ensuring information security is in fact a managerial rather than a technical problem. The existence of processes and structures, together with sufficient human and financial resources to deliver security solutions, is key to effective security – whether the task is information security management, emergency plan preparation or technology implementation.
Build an Information Security Management System (ISMS) in your organization that integrates all technical, administrative and operational activities, fully meets your needs, satisfies the criteria of international standards and fulfils regulatory and legal requirements.
ISO/IEC 27001 & ISO/IEC 27002
ISO/IEC 27001 provides a model for implementing an effective information security management system (ISMS) in an organization and complements ISO/IEC 27002. The two standards are closely interlinked, but each has a different role: ISO/IEC 27002 provides a detailed overview (catalog) of security controls that can be selected when building an ISMS, while ISO/IEC 27001 specifies the requirements for how an ISMS is to be implemented in an organization. Any ISMS certification is therefore carried out against ISO/IEC 27001.
The RAC team has been applying ISO/IEC 27001 and 27002 in security projects such as implementation, revision, preparation for audit, or direct auditing of an information security management system or parts of it.
HOW CAN WE HELP YOU?
We offer solutions for security management both as a comprehensive information security management system (ISMS) and as solutions for individual security segments. Based on long-term experience and proven procedures corresponding to international standards, the RAC team is ready to help you throughout the entire information security management lifecycle, from planning, setup and implementation to maintenance and continuous improvement of the system.
SOLUTIONS FOR DIFFERENT AREAS OF INFORMATION SECURITY
– Analysis of the current state of information security of the organization
– Creating a plan and preparing follow-up security projects / activities
– Creation of a regulatory basis (documentation of strategy, policies, manuals, etc.)
– Setting roles and responsibilities
– Setting up processes, activities and procedures
– Raising security awareness among employees, suppliers and customers (training, creation of awareness campaign materials, etc.)
– Asset management (registration and classification of information, rules for handling assets, access control, determination of responsibilities, etc.)
– User and Privileged Identity Management (CyberArk)
– Determining requirements and criteria for tenders
– Setting up cooperation with suppliers
– Incident management
– Information risk management (IRM)
– Business continuity management (BCMS)
– Support for the implementation of the requirements of Act No. 181/2014 Coll. on cyber security
– Support for the implementation of GDPR requirements
– Determining logging requirements
– Determining backup requirements
– Determining requirements for acquisition, development and maintenance of systems
– Technical vulnerability management (Qualys, Tenable)
– Penetration testing
– Compliance with legal or normative requirements
– Setting up and implementing the internal audit process, including the necessary documentation
– Support during an external or certification audit
– Creation of documentation for management review
COMPLIANCE WITH STANDARDS
All services provided, documentation created and processes set up comply with:
International standards:
ISO 22301 (BCMS)
ISO 22313 (BCMS)
ISO/IEC 27001 (ISMS)
ISO/IEC 27002 (ISMS)
ISO/IEC 27005 (IRM)
ISO 9001 (QMS)
ISO 14001 (EMS)
Legal requirements:
Act No. 412/2005 Coll. on classified information and security clearance
Act No. 181/2014 Coll. on cyber security
Act No. 110/2019 Coll. on the processing of personal data
Other standards:
ITIL (Information Technology Infrastructure Library)
COBIT (Control Objectives for Information and Related Technology)
Basel II
PRINCE2
ISM CONSULTANCY
In security, as in every area of IT, one of the biggest problems, second only to insufficient staffing, is the lack of expertise combined with the enormous breadth of topics that security touches.
Our consulting support is intended for employees who are responsible for information security management, for professional oversight of security matters, and for carrying out the related technical activities.
Would you like to know more? Don't hesitate to contact us!