ISO

Information and data are vital to the way businesses operate, because they underpin the most fundamental business processes of any organisation. This includes key data such as confidential information about partners and customers, or information related to the company's know-how.

Any disruption to the quality or availability of this information poses a particular risk, because a weakness in the security system could result in the information being compromised, disclosed, accessed by unauthorised persons or even destroyed.

Achieving ISO/IEC 27001 certification helps you manage and protect valuable information. ISO/IEC 27001 is the only verifiable international standard that defines the requirements for an Information Security Management System. The standard is designed to ensure that appropriate and proportionate security controls are selected.

The standard covers the following areas:

  • security policy
  • security organisation
  • control and classification of assets
  • personnel security
  • physical and environmental security
  • communications and operations management
  • access control
  • system development and maintenance
  • business continuity management
  • compliance

Recommendation:

The ISO/IEC 27001 standard is suitable for operators in any sector, regardless of company size.

Benefits of implementing the system:

  • conscious management of information and data
  • improved efficiency
  • clear expectations and responsibilities for employees, subcontractors, suppliers and partners
  • increased employee awareness of information security through training, policies and their implementation
  • ensured business continuity
  • reduced risk of misuse, loss and disclosure of the confidential data handled and stored

What do we provide?

With the support of our experts, we provide practical assistance in implementing and operating an Information Security Management System, so that preparing for certification enables your company to protect its data and information effectively.

Steps

Phase I. – System design and implementation

Assessment of current situation, system design, identification of areas for improvement

We will learn about the structure of the company in detail, its operational hierarchy and parameters, its profile and current practices in each area.

Risk assessment

We examine the security risks inherent in the day-to-day operations of your company. For example, we look at the risks associated with staff roles, such as whether there has been an incident involving access rights. If so, and especially if there has been more than one, we need to investigate why: was it non-compliance, a lack of understanding of the regulations, or a technical error?

The risk-analysis-based assessment is made against three criteria (CIA classification):

Confidentiality: regulating the scope and levels of access to the data and information stored in the electronic information system.

Integrity: the content and characteristics of the data are as expected, including that the information is authentic (from the expected source) and indisputable (verifiable), and that the elements of the electronic information system can be used as intended.

Availability: ensuring that electronic information systems are accessible to authorised persons and that the data they contain can be used.
Training

Introducing a new system inevitably requires more comprehensive education and training. We also commit to training our client's professionals who are involved in information security and in its deployment and testing.

Preparation of ISO/IEC 27001 documents based on risk management

Preparation of written, documentation-based policies. As the company is constantly changing, the policies must always be adapted to its current state.
Phase II. – Certification

In parallel with the implementation, we will help you choose the right certification body. Prior to the certification audit, an independent auditor (who has not been involved in the company's ISO 27001 system deployment) will conduct an internal audit. Based on the internal audit, we will jointly develop the ISO 27001 management system.

During the certification audit, the consultant involved in the training will help you to ensure compliance and successful certification.

Phase III. – Aftercare

Following the implementation, the ongoing maintenance and development of the Information Security Management System will begin, with our consultants actively supporting the aftercare process.

Based on the monitoring of incidents and the results of audits, risk management, and with it the information security system, is continuously improved.
If you are interested in more details, please contact us at the info@szirtes.com e-mail address.