.
What is it about?
Every company that takes care of its efficiency now manages all risks related to security through an Information Security Management System (ISMS), that is, a set of policies and procedures that includes all areas (physical, logical, organizational, legal); in this way all company business functions are involved in information security.
The most common standard for ISMS is represented by the ISO 27000 “family” (27001 in general, 27017 and 27018 for the cloud world), which also allows the certification of the system thus created. It can be applied to any type of organisation (companies, public bodies, academic institutions, non-profit associations) regardless of the information and personal or business data they process.
CryptoNet Labs services include:
- definition of the scope of application of the ISMS in the first phase of implementation or expansion;
- gap analysis and definition of the intervention plan;
- consultancy during implementation or certification for the resolution of any non-conformities;
- drafting of the documental apparatus;
- risk analysis;
- internal audits;
- review activities;
- training;
- support during audits of certifying bodies.
We also assist companies in revising their organisation or business objectives, issuing new versions of the standard, adopting new standards dedicated to specific sectors and we support the integration of ISMS with other management systems (ISO 9001, ISO 20000, COBIT, etc.) or with business compliance (231, GDPR, PCI DSS).
Who can benefit from it?
Both companies wishing to set up an ISMS, and companies already certified: modular solutions, continuous support, integration with other management systems.