Implementation of ISMS

Construction of information security management system (ISMS) in accordance with the international standard ISO / IEC 27001: 2005.

Stages of work:

  • survey: definition of the area of activity, selection of critical business processes that will be defended;
  • development of the organization’s security policy;
  • determination of the methodology for assessing information security risks and acceptable levels of risks;
  • risk identification;
  • risk analysis and assessment;
  • preparation of a treatment plan for each critical risk, allocation of controls;
  • development of ISMS policies and procedures;
  • implementation of ISMS – implementation of controls (protection mechanisms) according to the risk treatment plan;
  • preparation for ISMS certification by an independent party.