Information security policies

The service

One of the basic steps of building out the information security framework is developing and implementing information security policies.

In the information security policies security requirements are formulated; these requirements can be met by implementing and operating procedural and technical controls.

But from where can we derive the requirements formulated in the policies?

In the development of security policies we take into consideration the business environment and IT infrastructure of our client, the relevant regulatory requirements, the industry practices, and the relevant information security standards (pl. CobiT1, ISO/IEC 270002, COSO3 , ITIL4).

In addition to developing the information security policies, we are able to implement the procedural and technical controls as well, which ensures that the organization meets the requirements formulated in the policies.

We recommend it for organizations

  • where requirement level of the information security framework hasn’t been established yet
  • which have security policies, however several deficiencies can be found in their implementation
  • which have to comply with some regulatory requirements and therefore the security policies should be developed according to these requirements

Why choose us?

  • since our consultants have significant experiences in developing information security policies and procedures
  • since we have not only consulting experiences, but client-side management experiences as well
  • since we can interpret the security requirements formulated in the policies to the top management, to middle managers and experts as well