05.03. 2024 - 06.03. 2024
Complete introduction of an information security management system according to ISO/IEC 27001
Information security management system according to ISO/IEC 27001
Basic principles of the system:
- Risk prevention
- Protection of assets
- Protecting business information
- Ensuring continuous improvement
The process of implementing the principles of the safety management system in accordance with the relevant standards:
- Development of the analysis for the implementation of the management system
- Start of implementation of the agreed recommendations of the analysis, including:
  - implementing measures to ensure fulfillment of legal requirements
  - implementing measures arising from the standards, including:
    - Identification of all assets and relevant threats
    - Design and implementation of the assessment methodology
    - Evaluation of all relevant risks
    - Processing the risk register
    - Defining significant risks
    - Setting objectives, targets and programs for their implementation
    - Issuance of company policy
    - Processing the register of legal and other requirements
    - Defining measures for the management of all significant risks
- Providing training for employees at different levels:
  - Top management
  - Implementation work team
  - Internal auditors
  - Central management
  - Employees
- Processing system documentation and records
- Setting up effective and efficient communication in accordance with the relevant safety standards
- Determining the method of monitoring and measurement, covering:
  - legislative requirements
  - management of risk indicators
  - target values
- Emergency preparedness and business continuity plans
- Implementation of internal audits
- Ensuring a procedure for implementing corrective and preventive actions