Remember, all our courses are now available online! More information on the online training page.

More

Consulting

Information Safety in accordance with ISO/IEC 27001:2014

Nowadays, information is one of the priority resources which often decides about the final success, and modern organizations acquire, accumulate and process an increasing amount of information. The loss or unauthorized use of information entails not only business-related but also image-related losses.

 

Additionally, regardless of whether an organization is an economic or public entity, it must meet numerous legal, organizational and technical requirements in the field of processed information protection. These include, among others, the Act on combating unfair competition, the Act on protection of personal data, the Labour Code or the Penal Code. Subsequent legal requirements for the protection of information impose on individual organizations specific legal acts related to the nature of their activities. This concerns work-related secrets such as trade, banking, brokerage, statistical, medical, etc.

 

Among legally protected information, the most common is personal data (employees and clients), which is processed in virtually every organization. What is the guarantee that all necessary legal requirements related to information protection are met?

 

Having an implemented and maintained Information Security Management System in accordance with the PN-EN ISO 27001 standard is a guarantee that information security management processes are carried out correctly and guarantee full safety, meeting the requirements of Polish legislation. Additionally, the implementation of the standard’s recommendations is the starting point to meet the requirements of GIODO.

 

Inprogress sp. z o.o. has developed a comprehensive offer that includes:
– designing a unique Information Security Management System that is adapted to the needs of a specific organization, while meeting the requirements of ISO/IEC 27001:2014,
– making system documentation,
– providing consultancy assistance during the implementation of the System into the organization’s practice,
– preparing the organization for an external certification audit.

 

Our offer in the field of Information Safety in accordance with ISO 27001 includes:

Performing an information safety audit

Performing an information safety audit (also in a partner or executive organizations, or an organization with which you plan to cooperate, but it is necessary to obtain information on how to secure the entrusted information).

As part of the offer, our specialists will prepare a report containing, among others:

  • description of the safety level of information held, collected and processed,
  • defining the level of safety in relation to legal regulations in force in a given industry/sector,
  • degree of compliance with the requirements of ISO/IEC 27001:2014,
  • indication of key risk areas,
  • suggestions for changes and improvements that increase the level of information safety.

We also perform:

  • Other party audit
    Sometimes, an organization with which we cooperate or want to cooperate has implemented an ISO management system, but it is not certified or is certified by an entity that we do not know. Therefore, to check the degree of compliance of this organization’s system with the requirements of the standard, Inprogress sp. z o.o. performs an independent audit – other party audit (external).
  • Verification audit
    The organization with which we intend to cooperate (usually a potential subcontractor) does not have the management system we want. As part of the verification audit, Inprogress sp. z o.o. verifies the manner in which a given service/data services, processes, activities are performed at the potential partner’s facilities to determine the degree of compliance with the requirements set/implemented in the client’s organization.

Conducting internal audits

Conducting internal audits is the responsibility of an organization with any management system based on ISO standards.
One of the basic requirements for performing audits is the obligation of the auditor’s independence from the area being verified. In most organizations, it is very difficult to maintain such objectivity – after all, an audit employee is an employee of the company in which he performs the audit. He verifies the work of his colleagues with whom he spends a lot of time. How can he really be objective in this situation?
Inprogress sp. z o.o. offers the service of performing audits in organizations as a completely independent entity.
At the same time, we take over the functions of an internal auditor (auditors, audit teams), and the very performance of audits becomes an outsourcing process.

As part of the service we perform:

  • Internal audit
    (the so-called “first party audit”) is performed for internal purposes and is a starting point for the organization to determine the degree of compliance of activities in the organization with a specific ISO standard. This type of audit is necessary to maintain your ISO system and ISO certificate.
  • Examination of the effectiveness of audits performed
    As an independent expert team, Inprogress sp. z o. o. participates in internal audits. Next, a report for the management board/owner is prepared with an analysis of the performed audit, as well as conclusions in the context of subsequent audits, needs of the audited persons, and the possibility of using post-audit information to a better extent. As part of the service, we also explain to the client’s audit team the potential options for improving audit activities, and we also indicate the possibilities of improving the organization’s operations in the areas of strategic and operational activity – based on the audit conclusions. We also prepare a training suggestion for the client’s team.

Provision of maintenance and development services of the Information Security Management System

Provision of maintenance and development services of the Information Security Management System
As part of the service, Inprogress sp. z o. o. offers comprehensive services related to the maintenance and development of the ISO systems.
Thus, all tasks related to the work performed by the management representative for the management system can be transferred outside the organization to an entity with relevant experience, knowledge, tools, techniques and technology necessary to maintain and develop your systems.
This way, the scope of the classically understood outsourcing has been expanded to include a new industry – ISO systems, and you can benefit from the advantages of this solution, reducing costs, increasing profitability and purposefulness of your business, as well as focusing on new challenges.
During the service, Inprogress sp. z o.o. will carry out all activities necessary to maintain and develop your ISO systems.

Benefits
Our service is not only the money you can save, but also a faster and more efficient way of operating, engaging your attention only at key, pre-defined and agreed decision-making points.
As an expert external entity, in addition to standard activities related to maintenance and development of the systems, we indicate all gaps where the processes can be optimized in the context of more efficient operation of your organization.
Our service saves money, time, your energy and is a guarantee of reliability.

Implementing an Information Security Management System in accordance with ISO/IEC 27001:2014 and preparation for obtaining the certificate

Advantages of implementing an Information Security Management System in accordance with ISO/IEC 27001:2014

  • confirmation of compliance with legal requirements related to protection and processing of information,
  • confirmation of compliance with GIODO requirements,
  • identification of business risks related to information loss and their minimization,
  • reduction of the risk of information ‘leakage’,
  • protection of organizational resources,
  • ensuring data confidentiality,
  • guarantee that information is available only to authorized persons,
  • securing the completeness of information and the methods used to protect it,
  • improvement of competitiveness,
  • guaranteeing partners that their information is secure,
  • minimization of the risk of information loss,
  • increased prestige.

Stay in touch

Contact Me - kopia

Show more

Newsletter

Do you want to get the information about discounts and news in Inprogress? Leave us your e-mail and stay up-to-date!

Co - administrators of your personal data in connection with subscribing to the newsletter are INPROGRESS Sp. z o.o., INPROGRESS Skills Sp. z o.o.

 

Show more

By clicking ‘Sign up’ you allow to processing by INPROGRESS Sp. z o.o., INPROGRESS Skills Sp. z o.o. your E-mail to sending the newsletter.