Preparation for the ISMS external audit according to ISO 27001
We offer preparation for the ISMS external audit according to ISO/IEC 27001:2013
The security project serves to introduce the information security management system (ISMS).
It is developed in accordance with STN ISO/IEC 27001 and STN ISO/IEC 27002.
Why prepare for the ISMS external audit according to STN ISO/IEC 27001?
Preparing ahead of time reveals where the organization's security measures and organizational processes do not comply with ISO 27001, as well as any missing documentation. Based on these findings, corrective measures to achieve compliance with ISO 27001 are proposed. The prospects of obtaining a certificate increase significantly. Preparation also facilitates, streamlines and accelerates the entire audit process.
Preparation purpose and phases
Preparation for the audit
- Assessment of the compliance with standards.
- Risk analysis and subsequent synthesis of security measures.
- Proposal for the corrections of security measures for the purposes of compliance.
- Consultation on the introduction of particular security measures.
- Monitoring of the implementation of the introduced security measures.
- Preparation of documentation (documents) – security measures, security policies and guidelines – necessary to comply with the standards.
- Checking compliance with the standards.
- Participation in the audit process.
- Cooperation with auditors.
- Implementation of the requirements of auditors in areas where non-compliance was found.
Scope of activities
Security areas according to ISO/IEC 27001:2013:
- A.5 Information security policies
- A.6 Organization of information security
- A.7 Human resource security
- A.8 Asset management
- A.9 Access control
- A.10 Cryptography
- A.11 Physical and environmental security
- A.12 Operations security
- A.13 Communications security
- A.14 System acquisition, development and maintenance
- A.15 Supplier relationships
- A.16 Information security incident management
- A.17 Information security aspects of business continuity management
- A.18 Compliance
Our company has been actively working in the field of information technologies
Our experience, knowledge and ongoing work in the field of information technologies enable us to carry out the security analysis and the IT system project competently.
Compliance of the outputs with the intra-company guidelines and processes
Examination of the existing documentation (English) and adaptation of our outputs to the guidelines and organisational processes already implemented.
Stability of the company
Continuity of our activity: our company has been working in the field for more than 14 years.
Person responsible for qualified consulting
Ing. Daniel Bednárik, education: Faculty of Applied Informatics, Tomas Bata University in Zlín, field of study: Engineering Informatics, Security Technologies.
Internationally accepted and accredited CISM certificate of the ISACA organisation
The CISM (Certified Information Security Manager) certificate is intended for experienced information security managers and is designed to assure executive management that its holders have the knowledge and skills required to perform efficient security management.
The list of the ISACA Slovakia certificate holders (www link).
Certificate of internationally accredited training IRCA, ISO 27001
Ing. Daniel Bednárik completed internationally accredited training for external auditors/lead auditors for ISO 27001. The accreditation is provided by IRCA (International Register of Certified Auditors). IRCA Certificate No.: 27416.
Qualified independent auditor of the Regulatory Authority for Electronic Communications and Postal Services
Our company is included in the list of qualified independent auditors for performing security audits in companies providing public electronic communication services.
The list is published on the Regulatory Authority’s website (www link).
Liability insurance for damage caused when providing services in the field of information technology security, with coverage of EUR 100,000 (Colonnade Insurance S.A.).