ISO 27002 (formerly 17799) and ISO 27001 - Information Security Management
A comprehensive system of requirements for ensuring information security in companies was designed in response to the need to protect information. Information security is understood here as ensuring the confidentiality, integrity and availability of information.
The system also covers organizational security, personnel qualification, operation and maintenance. It is concerned not only with meeting legislative requirements and observing security rules and agreements, but especially with identifying risks and with prevention. Systematic risk analyses form the basis of the solution: they identify possible threats and are the starting point for minimizing risks.
ISO 27002 (formerly 17799) - This international standard specifies the basic guidance and recommendations for ensuring information security. It provides instructions and procedures for implementing basic security measures to protect an organization's information.
ISO 27001 - This standard stipulates the requirements for information security management. The system is reviewed and, where applicable, certified by an independent organization against this standard. The requirements are often incorporated into an integrated management system (quality, environment, labour protection, ...) as a separate part of the integrated handbook or manuals, or of other documentation such as technical documentation (risk assessment methodology and activities, assurance of diversification and the financial implications in case of its failure, code of conduct, ...).
Risk of competitors obtaining classified information
Competitors can use, for example, the database of your partners, classified production documentation (plans, models, specific procedures, ...), your intended strategic concepts, ..., and also information about your key financial indicators.
Risk of data loss
Data loss can endanger the running of the organization, mean high data recovery costs, put order deadlines at risk, and also lead to sanctions from the state, e.g. for insufficient protection of employees' personal data.
And many others…
If you are interested, please contact us: gemco@gemco.cz.
You can also contact us via our helpdesk:
+420 572 555 337-8