RAC ISMS – IMPLEMENTATION OF THE INFORMATION SECURITY MANAGEMENT SYSTEM

An information security management system (ISMS) is a documented system demonstrating that the described information assets are protected, that information security risks are managed, and that measures with the required level of guarantees are implemented and controlled. An ISMS may be implemented for a specific IS, for individual parts of the IS, or for the entire organization.

ISMS IN PRACTICE

Many organizations for which information and information technology are a key part of their business processes are deciding how to ensure their security effectively. Addressing this issue requires an appropriate systemic and comprehensive approach, and the basic guides for this are the standards ISO/IEC 27001 and ISO/IEC 27002. The two standards are closely interconnected, but each has a different role. While ISO/IEC 27002 provides a detailed overview (catalog) of security measures that can be selected when building an ISMS, ISO/IEC 27001 specifies requirements for how to properly establish, implement, monitor, maintain, and improve an information security management system in an organization. Any ISMS certification then takes place according to ISO/IEC 27001.

An ISMS built on the ISO/IEC 27001 and ISO/IEC 27002 standards is fully compatible with quality management according to ISO 9001, the environmental management system according to ISO 14001, and OECD guidelines. As a single and comprehensive description of information security, it is a major creator of requirements and relationships at the European level. Moreover, when reasonably implemented, it is purely practical and contributes to the effectiveness of security spending.

REASONS FOR AN ORGANIZATION TO IMPLEMENT AN ISMS

Information is a key condition for the proper functioning of business processes

Information security has not yet been addressed

The organization’s management requires an effective system solution

Own professional capacities are not available

Organization certification is assumed

ISMS IMPLEMENTATION BENEFITS

Effective management of information security risks, use of resources and capacities

Significant increase in the efficiency of investments made to ensure the required level of information security based on knowledge of risks

Integration of goals and requirements of the organization with security requirements – security from the business point of view

Competitive advantage – the possibility of proving the level of security – a "ticket for business"

Increased credibility of the organization with partners and customers, protection of its reputation and established brand

A systematic approach to information security management, its continuous improvement, and refinement of the functioning of management processes within the organization

Effective security incident management

Emergency preparedness through business continuity planning

HOW CAN WE HELP YOU?

Our employees have extensive practical experience and professional certifications, and we have already successfully managed many reference projects, including the first ISMS certification in the Czech Republic. RAC also has its own integrated management system (IMS), including quality management according to ISO 9001 and information security management according to ISO/IEC 27001, certified by DNV GL under the UK accreditation UKAS. Our team of consultants is ready to support you in every step of a successful ISMS implementation, including any preparation for certification.

RAC ISMS SERVICE INCLUDES

– Analysis of the current state and environment of the organization
– Draft of scope and ISMS policy
– Design of security organization, determination of roles and responsibilities
– Design of the system structure of documentation
– Carrying out risk analysis and evaluation of risks
– Selecting measures
– Draft Declaration of Applicability
– Turnkey documentation
– Elaboration of plans for implementation of measures
– Training of employees of the organization, security manager and auditors
– Security incident management procedures
– Design and implementation of a process for planning the continuity of the organization’s activities
– Setting up the ISMS efficiency measurement process
– Preparation of ISMS management review
– Support for ISMS internal audits, including the proposal of corrective and preventive actions

Would you like more information? Don’t hesitate to contact us!
