Information Security Management System
An irregular, uncoordinated approach to securing processed information may be ineffective or provide only partial security. Managing information security consciously requires a systematic approach.

Effective implementation of an Information Security Management System (ISMS) provides a comprehensive approach to information security. Implementing the ISMS in accordance with ISO/IEC 27001 ensures that mechanisms for continuous security improvement are available and provides a tool for treating information security in terms of tangible business value to the organization. The standard is also the basis for applying adequate, proportionate security control requirements as well as the security best practices proposed in ISO/IEC 27002 (formerly called ISO/IEC 17799).

Key areas of business value and potential benefits from the implementation and certification of the ISMS:
  • Compliance with security requirements
    • Ensuring continued compliance with the requirements (laws, regulations, contractual obligations)
  • Optimization of costs and profits
    • Reducing costs by choosing controls proportional to risk
    • Protecting processed information (e.g. intellectual property)
    • Opportunity to participate in projects requiring high information security
  • Business continuity
    • Ensuring continuity of critical business processes
    • Ensuring efficient and effective handling of events and incidents
  • Image and reputation
    • Protecting the organization from a number of threats
    • Building the organization's image as an information-security-conscious company
    • Helping to build a competitive advantage
  • Efficiency and effectiveness of information security management
    • Systematic approach to managing information security
    • Senior management involvement in security
    • Choosing the appropriate organizational and technical controls
    • Increasing the importance of information security in the organization
    • Increasing security awareness
    • Compatibility with other management systems (e.g. ISO 9001, 14001)
    • Continuous improvement of information security

We offer consulting services focused on building, and supporting the implementation of, an effective and efficient Information Security Management System consistent with the model set by the requirements of ISO/IEC 27001. In addition, we help organizations prepare for certification of compliance with this standard.

The service we offer includes:
  • Collecting basic information about the organization and its environment
  • Defining the scope and boundaries of the ISMS
  • Determining the current state of information security management (preliminary assessment)
  • Defining a security policy that meets the requirements of the standard
  • Defining the method for information security risk assessment
  • Conducting training for the ISMS implementation team
  • Performing the information security risk assessment
  • Developing a risk treatment plan
  • Developing a plan and timetable for the ISMS implementation
  • Implementing the plan for dealing with risk and the required controls
  • Defining measures for assessing the effectiveness of controls
  • Reviewing the Information Security Management System
  • Support and oversight in the certification process
© 2010 Prevenity Sp z o.o. All rights reserved.