We don’t just bring paper, we bring real security.
One international company in the software solution development and support business was looking for a partner with whom it could get an ISMS certification. This partner was supposed to help it to guarantee the security of solutions being developed and to raise the prestige in the eyes of customers all over the world.
First the AEC specialists gained the overview of the ICT environment and processes. Subsequently we proposed a suitable scope of deployment of the Information Security Management System (ISMS). Our proposal fully covered the company's requirements and enabled further broadening of the certification according to its needs to apply to other affiliates.
We suggested and deployed complex ISMS processes and we helped the company to prepare for the certification audit. Within five months from the beginning of our cooperation, the customer obtained the ISMS certificate according to the ISO/IEC 27001 standards and he could expand the certifications, also together with AEC, to other foreign affiliates.
The Solution's Description
The ISMS can be defined as a documented management system with the main aim of ensuring a corresponding level of information security inside the company within the information system as well as other processes.
Besides others the implementation of the ISMS includes the definition of protected information assets, security risk management, and security measures installation and check up.
The ISMS is defined by ISO/IEC 27001 standard (resp. the whole family of standards ISO/IEC 2700x) and it is fully compatible with the quality management systems (ISO/IEC 9001), the environmental management systems (ISO/IEC 14001) or the safety and health protection in the workplace systems (OHSAS 18001). The ISMS can easily integrate into the whole management system of the company.
The benefits of our services in the ISMS
- Assessment of the optimal proportion between the costs and the achieved level of the company's information assets security - maximum effectiveness and precise targeting of security investments.
- Increase in trustworthiness and credit of the company in the eyes of the customers and partners.
- Ensuring compliance with legislative requirements.
- Minimizing the risks regarding the unavailibility of information and services, leaks, and unauthorized access to the company's information.
- Savings on costs regarding the elimination of security incidents' consequences.
- Minimizing of danger of data leaks and the company's stability protection.
- Increase in the employees' security awareness ~ a drop in the users' rate of error.
- Continuous tracking and assessment of the current level of the company's information security.
We have lots of experience with project implementation for important companies in their branches, e.g.:
- Ministerstvo průmyslu a obchodu ČR
- Úřad pro ochranu osobních údajů
- Vysoká škola ekonomická
- GMC Software Technology
- HomeCredit International
- OTE, a.s.