Implementation of ISMS
Development of Information Security Management System (ISMS) under the international standard ISO / IEC 27001: 2005.
Stages of works:
- Survey: identification of the sphere of activity, allocation of critical business processes that will be protected;
- Development of organization security policy;
- Determination of the methodology of information security risk assessment and acceptable level of risks;
- Identification of risks;
- Risk analysis and assessment;
- Preparation of a processing plan for each critical risk, allocation of controls;
- Elaboration of ISMS policies and procedures;
- ISMS Implementation – implementation of controls (security mechanisms) under the Risk Processing Plan;
- Preparation for ISMS certification by an independent party.