IT security nowadays plays an increasingly central role, especially within companies. It goes without saying that the choice of a product or a supplier is no longer made exclusively by evaluating the proposed features: among the variables at stake in today’s market, in addition to the quality/price ratio, it is necessary to also consider the security measures provided by the supplier. It is thus necessary to know the state of the art in the field of cybersecurity in order to assess the company’s status and proceed to improvements.
The ISO/IEC 27001:2013 standard establishes a system of controls aimed at:
– maintaining and
– improving, according to a continuous-cycle methodology (the PDCA model), a system for the correct management of information (including personal data) within an organization. This cyclic structure is necessary because it is now well understood that security is not a product but a process that is continuously evolving.
We will then proceed, with your support, to the analysis of the various ISO controls and their verification in the corporate context, in order to identify any gaps. These will be fully documented in a detailed activity report that will also include the related recommendations, for the purpose of increasing the level of corporate security and achieving compliance with the Standard.
More specifically, the working scheme will follow that of the Standard:
• risk identification;
• risk analysis and assessment;
• selection of control objectives and control activities for risk treatment;
• acceptance of the residual risk by management;
• definition of the Statement of Applicability.
Note: Leveraging the experience developed by the ICTLC firm – ICT Legal Consulting in the field of GDPR legal compliance, our Cybersecurity Advisors are able not only to verify the correct application of the ISO/IEC 27001:2013 controls, but also to link them with the proper fulfilment of legal obligations regarding the protection of personal data.