Complete implementation of an information security management system according to ISO/IEC 27001
Information security management system according to ISO/IEC 27001
Basic principles of the system:
- Risk prevention
- Protection of assets
- Protection of business information
- Ensuring continuous improvement
The process of implementing the principles of the security management system in accordance with the relevant standards:
- Preparing an analysis for the implementation of the management system
- Starting implementation of the agreed recommendations from the analysis, including:
  - implementing measures to ensure fulfillment of legal requirements
  - implementing measures arising from the standards, including:
    - Identification of all assets and relevant threats
    - Design and implementation of an assessment methodology
    - Evaluation of all relevant risks
    - Preparing the risk register
    - Defining significant risks
    - Setting objectives, targets and programs for its implementation
    - Issuing the company policy
    - Preparing the register of legal and other requirements
    - Defining measures for the management of all significant risks
    - Providing training for employees at different levels:
      - Top management
      - Implementation work team
      - Internal auditors
      - Central management
      - Employees
Preparing system documentation and records
Setting up effective and efficient communication in accordance with the relevant security standards
Determining the method of monitoring and measurement, covering:
  - legislative requirements
  - management of risk indicators
  - target values
- Emergency preparedness and business continuity plans
Implementation of internal audits
Ensuring a procedure for implementing corrective and preventive actions