Our company provides consultations and implements processes to ensure security, as well as technological protection of the company, ranging from initial independent consultations to the provision of certification or final audits.
We offer consultations in the fields of information and cybersecurity and data protection (GDPR), and at the same time, we ensure the entire implementation process according to the ISO/IEC 27001:2022 standard – Information Security Management System (ISMS), in compliance with the Cybersecurity Act or GDPR requirements.
During implementation, we work with the client to identify all elements involved in information and cybersecurity, conduct risk analysis and risk treatment planning, develop security policies within the scope described below, carry out internal audits, and prepare mandatory records (SOA, management reviews, risk analysis reports, etc.).
Our goal is the successful completion of certification audits or cybersecurity audits within the company, as well as the company’s ability to continuously manage information and cybersecurity challenges without significant impact.
In brief:
- We train your employees to know what to do
- We implement measures and technologies that are subsequently monitored, controlled, and operate effectively
- We set contractual policies with clients and employees (SLA, NDA) according to your needs
- We ensure compliance with legislation in the required areas
In the field of information and cybersecurity, we focus on processes such as:
Organizational Security
- Definition of security roles and competencies
- Implementation of organizational processes (management review, statement of applicability, etc.)
- Integration of security into the company environment …
Information Asset Management
- Identification of primary and supporting assets and their owners
- Identification of relationships between primary and supporting assets
- Asset valuation (confidentiality, integrity, availability)
- Handling and labeling of information assets
- Disposal of information assets …
Risk Management
- Defining acceptable risk levels
- Establishing methodology and performing Business Impact Analysis (BIA)
- Establishing methodology and performing risk analysis
- Designing and preparing risk treatment plans
- Developing risk scenarios and defining interrelations
- Identification of security controls
- Identification and assessment of security threats and vulnerabilities
- Data Protection Impact Assessment (DPIA) …
IT Security
- Network security
- Security of PCs and laptops
- Security of servers and databases (CMDB)
- Security of development and testing
- Mobile device security
- Data encryption and transfer
- Access management and identity administration
- Backup
- Logging
- Monitoring and evaluation …
Physical Security
- Physical security perimeter
- Security zones
- Measures and procedures
- Implementation of physical security …
Personnel Security
- Employee selection requirements
- Employee selection procedures
- Security before contract signing
- Security during employment
- Security upon termination of employment
- Security of external employees and third parties …
Incident Management
- Incident categorization
- Definition of rights and responsibilities of individual roles in incident handling
- Establishing processes for incident resolution (notification, response, measures, etc.)
- Methods of incident reporting in accordance with legislation (GDPR, Cybersecurity Act)
- Evaluation of effectiveness of implemented corrective actions …
Business Continuity Management (BCM)
- Identification of critical assets and critical processes
- IT recovery plan
- Controls and testing …
Supplier Management (Improving SLA Effectiveness)
- Identification of key suppliers
- Review of SLAs considering company requirements and needs
- Integration of SLAs into the IT recovery plan …
Compliance
- Ensuring compliance with legislation
- Ensuring compliance with relevant ISO standards …