Creation of ISMS and audits according to DSTU ISO/IEC 27001:2015

 In accordance with the requirements of the Law of Ukraine "On the Protection of Information in Information and Telecommunication Systems" and the Law of Ukraine "On the Protection of Personal Data", information that is the property of the state or information with limited access, the requirements for the protection of which are established by law, is subject to mandatory protection, and as well as personal data of citizens of Ukraine.

The information security management system (ISMS) is a part of the overall management system of the organization, which is based on a risk-oriented approach and is intended for the creation, implementation, operation, monitoring, analysis, support and improvement of the information security (IS) of the organization.

Specialists of  LLC  "SMART SOLUTIONS" have professional education and many years of work experience in the field of technical and cryptographic information protection, as well as experience in designing and creating information security management systems of various complexity.

As a result of the work on the creation of the ISMS, the specialists of our company will implement a full set of organizational and technical measures to ensure the creation and functioning of the ISMS.

The main goals of building an ISMS are:
      • ensuring confidentiality, integrity and availability of the organization's information assets;
      • fulfillment of information security requirements of clients and partners;
      • inventory of assets (primary and secondary) of the company included in the scope of ISMS, determination of owners and value of assets;
      • The construction of the ISMS allows you to clearly define how IS processes and subsystems are interconnected, who is responsible for them, what financial and labor resources are necessary for their effective functioning.

The information security management system includes:
      • IS management processes;
      • personnel responsible for ensuring and organizing IS management;
      • a set of documented policies and procedures;
      • IS security mechanisms.

LLC  "SMART SOLUTIONS" offers a full range of works on the construction of an ISMS, including:

Stages of work on the creation of an ISMS

Stages of work performed "on a turnkey basis" by our specialists during the construction of the ISMS:

"First stage" - Conducting an examination, which includes:
      • clarifying the scope of ISMS;
      • collection and analysis of initial data, surveying of the organization's business processes, which are included in the scope of ISMS;
      • inventory of assets (primary and secondary) of the company included in the scope of ISMS, determination of owners and value of assets;
      • carrying out a preliminary assessment on the compliance of the existing management mechanisms and IS provision in the organization with the requirements of DSTU ISO/IEC 27001:2015;
      • development of documented Scope of ISMS and IS Policy in terms of characteristics of business, organization, its location, resources and technologies.

"Second stage" - IS risk assessment, which includes:
      • assessment of IS risks in the organization in accordance with the provisions of the DSTU standard ISO/IEC 27005:2015;
      • selection of goals and control mechanisms for processing IS risks and assessment of their applicability in the organization;
      • development of a risk management plan, which determines the appropriate actions of the organization's management, resources, responsibilities and priorities for IS risk management;
      • development of a declaration on the possibility of applying control mechanisms.

"Third stage" - Creation of an ISMS, which includes:
      • documentation of IT management processes (policies, procedures);
      • technical design of SOIB (development of a technical task for design taking into account the identified IS risks, development of technical solutions).

"Fourth stage" - Implementation of ISMS, which includes:
      • training and raising awareness of personnel;
      • implementation of ISMS;
      • automation of IS management processes using automation tools (optional).

During the development and implementation of the ISMS, we offer to use both typical information protection models developed by our specialists when performing similar work, which in turn will reduce the cost of developing, implementing and supporting the ISMS for your organization, as well as information protection subsystems that will be developed , at the stage of ISMS design, individually for your organization.

It should be noted that  LLC "SMART SOLUTIONS" has all the necessary permits for carrying out work in the field of information protection, which in turn allows to provide a full range of services for the creation of ISMS to enterprises, institutions, and organizations regardless of their form of ownership.