Our objective, BLOOM-ing your INVESTMENT

Information security management

What is ISO / IEC 27001?

ISO / IEC 27001 is an international standard which sets requirements for Information Security Management System, allowing an organization to assess the risk they are exposed and to implement appropriate measures to protect the confidentiality, integrity and availability of its information.

Benefits and advantages

Implementing a quality management system according to requirements of ISO / IEC 27001 provides organizations the following advantages:
- Establishes a framework for assessing the overall context in which the organization operates;
- Establishes a framework for understanding and assessing information security risks managed by the organization;
- Reduce incidents and events that may adversely affect the organization's work;
- Allows management organiatiei internal processes in a more effective and less expensive;
- Ensure satisfaction of contractual, statutory and regulatory requirements;

Steps advisory service offered by our company:

1. Make a preliminary assessment (benchmarking);
2. Implementation of information security management system (determination of the scope, inventory, setting goals for security, development of risk analysis, drafting the declaration of applicability, documenting policies and procedures, establish monitoring system, identifying the required registration etc.);
3. Running the system for a period of time;
4. Develop an internal audit followed by management review;
5. Optional organization may choose one collaborative maintenance management system after implementation.
Optionally, our company can provide support in the implementation of technical measures in order to comply with the requirements under Annex A of ISO / IEC 27001.
Our company provides assistance during the certification process.

Who can be interested in the implementation of an information security?

ISO / IEC 27001 can be applied to any organization, regardless of size or industry. By applying ISO / IEC 27001, an organization can ensure the confidentiality, integrity and availability of its information by applying a management process and appropriate risk management.