Outsourced information security officer
In many cases the reason behind outsourcing the role of the information security officer is that there is no employee in the organization with the required certification and experiences. In such cases it is a possible solution for the management that performing the duties of the information security officer is ordered from a professional information security company as a service.

Outsourced IT audit
In outsourced IT audit assignments we perform the audit reviews according to the audit methodology and work programs provided by our client. The deficiencies found in the audit reviews are documented and reported according to the client’s standards as well.

IT audit
In IT audit assignment we review our client’s complex IT operation and compare it to the relevant IT and information security standards (pl. COBIT, ISO/IEC 27001:2022, ISO/IEC 27002:2022) and to the domestic and international industry practices. We assign business risks to the identified deficiencies, which are evaluated based on the understanding of the client’s business activities and business processes. We formulate the IT audit recommendations so that their implementation can be performed on the maturity level of the organization’s IT and information security architecture.

Security audit
In the information security audit assignments we assess the security risks of the reviewed information system; assign them into risk categories and develop recommendations to decrease the identified security risks. Our audits have two main parts: process audit and system audit. In the course of the process audit we compare the processes of the information system to the relevant international standards (e.g., CobiT2, ITIL3), and the domestic and international best practices. In system audits we review the security architecture and configuration of the information and telecommunication technology.

Vulnerability assessment
In vulnerability assessment assignments we use automatic tools to identify the vulnerability points of our client’s IT infrastructure. As part of our service we prepare daily reports about the vulnerabilities of the target infrastructure and the associated risks with utilizing the vulnerability assessment tool of some well-known vendors. With the precise knowledge of vulnerabilities and the associated risks our client can remove the vulnerabilities in a prioritized way, thus minimizing the overall security risk.

Information security strategy
Without strategic planning it cannot be ensured that information security projects are built on each other and as a result of the security spending the information security framework is established. Developing high standard information security strategy is always a complex task, since in its formulation several points should be considered. These points include the client’s business environment and strategy, the client’s IT strategy, the actual domestic and global information security trends, the relevant industry practice and the actual build out of the client’s information security framework.

Security awareness training
In the course of security awareness training we paint detailed picture to the employees of our client about the security risks associated with their daily work, and we give advice how to decrease or eliminate these risks. The security awareness training is hold as a class room training or as an e-Learning training according to the need of our client.

Information security policies
In the development of security policies we take into consideration the business environment and IT infrastructure of our client, the relevant regulatory requirements, the industry practices, and the relevant information security standards (pl. COBIT, ISO/IEC 27001:2022, ISO/IEC 27002:2022). In addition to developing the information security policies, we are able to implement the procedural and technical controls as well, which ensures that the organization meets the requirements formulated in the policies.

Data classification
The objective of data classification is to put the organization’s data – or using a more technical term the information assets of the organization – into various confidentiality classes and thus make it possible that data different form the security point of view are managed differently by the organization. h security level, or would result in unbearable burden for the organization. In data classification assignments we define the data classes aligned with the client’s policy and business environment, develop the inventory of information assets and assign the information assets into the defined data classes.

Quality assurance
Our quality assurance service helps in decreasing significantly the likelihood of unexpected events arising in information security projects, which would impact negatively the project objectives defined by our clients.