From consultation to implementation
Our company provides a comprehensive service, offering initial consultations, the implementation of security processes and technological measures, and certification or exit audits.
We offer consultations on information and cyber security, as well as personal data protection (GDPR). We ensure that the entire implementation process complies with ISO/IEC 27001:2022 (Information Security Management System, ISMS), the Cyber Security Act and GDPR requirements.
During implementation, we work with the client to identify all elements involved in information and cyber security. We then prepare a risk analysis and risk management plan, and develop security guidelines within the specified scope. We perform internal audits and prepare mandatory records such as a Statement of Applicability (SOA), a management review and a risk analysis report.
Our goal is to help our clients successfully pass certification or cybersecurity audits while equipping them to effectively face information and cybersecurity threats without serious consequences.
The benefits of implementing and certifying an ISMS:
We will provide your employees with training so that they know exactly what to do in terms of security.
We implement security measures that are monitored and controlled to ensure they work effectively.
We set up security policies in the form of contracts with clients and employees (NDAs and SLAs), which are tailored to your needs.
We will help you to ensure compliance with the relevant legislation, minimising risks and possible penalties.
Information security
Information security involves a range of measures and procedures designed to protect a company’s information assets, including documents, records, emails, electronic files, services and databases. The ISMS standard defines this concept through the following areas:
Organisational security
- Determination of security roles and responsibilities
- Implementation of organisational processes (management review, SOA, etc.)
- Integrating security into the company environment
Information asset management:
- Identification of primary and supporting assets, as well as their guarantors
- Assessment of confidentiality, integrity and availability
- Proper handling of assets
Risk management
- Risk analysis
- Impact analysis (BIA)
- Identification of threats and vulnerabilities
- Risk management plan
IT security
- Securing workstations and mobile devices
- Securing networks, servers and databases.
- Encryption and secure data transfer.
- Access control and identity management
- Backup and monitoring
Physical security
- Definition of the security perimeter
- Definition of the security level for individual security zones
- Physical protection procedures and measures
Personnel Security
- Employee requirements and selection process
- Employee training
- Security during and after employment
- Management of external workers and third parties
Incident Management
- Incident categorisation and reporting
- Response process configuration
- Evaluation of the effectiveness of measures
Business continuity management (BCM)
- Identification of critical assets and processes
- Continuity and recovery planning
- Testing and verification of continuity functionality
Supplier Management
- Identifying and categorising suppliers
- Preskúmanie a nastavenie SLA
- Review and setup of SLAs
Compliance
- Compliance with legislation (e.g. GDPR, Cyber Security Act)
- Compliance with ISO standards