Information Safety in accordance with ISO/IEC 27001:2014

Performing an information safety audit (also in a partner or executive organizations, or an organization with which you plan to cooperate, but it is necessary to obtain information on how to secure the entrusted information).

As part of the offer, our specialists will prepare a report containing, among others:

• description of the safety level of information held, collected and processed,
• defining the level of safety in relation to legal regulations in force in a given industry/sector,
• degree of compliance with the requirements of ISO/IEC 27001:2014,
• indication of key risk areas,
• suggestions for changes and improvements that increase the level of information safety.

We also perform:

• Other party audit
  Sometimes, an organization with which we cooperate or want to cooperate has implemented an ISO management system, but it is not certified or is certified by an entity that we do not know. Therefore, to check the degree of compliance of this organization’s system with the requirements of the standard, Inprogress sp. z o.o. performs an independent audit – other party audit (external).
• Verification audit
  The organization with which we intend to cooperate (usually a potential subcontractor) does not have the management system we want. As part of the verification audit, Inprogress sp. z o.o. verifies the manner in which a given service/data services, processes, activities are performed at the potential partner’s facilities to determine the degree of compliance with the requirements set/implemented in the client’s organization.

Conducting internal audits is the responsibility of an organization with any management system based on ISO standards.
One of the basic requirements for performing audits is the obligation of the auditor’s independence from the area being verified. In most organizations, it is very difficult to maintain such objectivity – after all, an audit employee is an employee of the company in which he performs the audit. He verifies the work of his colleagues with whom he spends a lot of time. How can he really be objective in this situation?
Inprogress sp. z o.o. offers the service of performing audits in organizations as a completely independent entity.
At the same time, we take over the functions of an internal auditor (auditors, audit teams), and the very performance of audits becomes an outsourcing process.

As part of the service we perform:

• Internal audit
  (the so-called “first party audit”) is performed for internal purposes and is a starting point for the organization to determine the degree of compliance of activities in the organization with a specific ISO standard. This type of audit is necessary to maintain your ISO system and ISO certificate.
• Examination of the effectiveness of audits performed
  As an independent expert team, Inprogress sp. z o. o. participates in internal audits. Next, a report for the management board/owner is prepared with an analysis of the performed audit, as well as conclusions in the context of subsequent audits, needs of the audited persons, and the possibility of using post-audit information to a better extent. As part of the service, we also explain to the client’s audit team the potential options for improving audit activities, and we also indicate the possibilities of improving the organization’s operations in the areas of strategic and operational activity – based on the audit conclusions. We also prepare a training suggestion for the client’s team.

Provision of maintenance and development services of the Information Security Management System
As part of the service, Inprogress sp. z o. o. offers comprehensive services related to the maintenance and development of the ISO systems.
Thus, all tasks related to the work performed by the management representative for the management system can be transferred outside the organization to an entity with relevant experience, knowledge, tools, techniques and technology necessary to maintain and develop your systems.
This way, the scope of the classically understood outsourcing has been expanded to include a new industry – ISO systems, and you can benefit from the advantages of this solution, reducing costs, increasing profitability and purposefulness of your business, as well as focusing on new challenges.
During the service, Inprogress sp. z o.o. will carry out all activities necessary to maintain and develop your ISO systems.

Benefits
Our service is not only the money you can save, but also a faster and more efficient way of operating, engaging your attention only at key, pre-defined and agreed decision-making points.
As an expert external entity, in addition to standard activities related to maintenance and development of the systems, we indicate all gaps where the processes can be optimized in the context of more efficient operation of your organization.
Our service saves money, time, your energy and is a guarantee of reliability.

Advantages of implementing an Information Security Management System in accordance with ISO/IEC 27001:2014

• confirmation of compliance with legal requirements related to protection and processing of information,
• confirmation of compliance with GIODO requirements,
• identification of business risks related to information loss and their minimization,
• reduction of the risk of information ‘leakage’,
• protection of organizational resources,
• ensuring data confidentiality,
• guarantee that information is available only to authorized persons,
• securing the completeness of information and the methods used to protect it,
• improvement of competitiveness,
• guaranteeing partners that their information is secure,
• minimization of the risk of information loss,
• increased prestige.