Active Audit Agency

т: +38(044) 228-15-88


information security program

Information Security Management System implementation

What is it?

Information security management system (ISMS) is a complex of technical, operational and organizational measures to provide information confidentiality, integrity and availability on an appropriate for business needs level.

Information security program offers a system approach to take into consideration requirements to all parts of company's security (including IT security).

Information security program elements

Why do you need this?

In order to provide information security you will need a program, which will be capable to lead company to its business goals. Information security program is a fundamental part of company's information security management system and it is joins all company's processes and resources for information security, and defines the methods to achieve business goals.

Information security program goals:

  • To buil infoormation security management suystem alighned with business strategy and business goals;
  • To manage informational risks in the company;
  • To optimize information security expenses and development;
  • To manage information security resources in the most effective way;
  • To centralize all information security functions inside company;
  • To measure information security performance.

Properly builtinformation security management system has the following advantages:

  • Provides the nesessary level of protection;
  • Allows to implement information security goals in real life;
  • Allows to implement, manage and monitor information security in an effective way;
  • Reduces expences for information securiyt;
  • Increase company's investment attractiveness, positioning for investors as "open".

How to develop and implement information security management system?

ISMS implementation is a series of a projects and initiatives to provide information security inside company.

Active Audit Agency guided by best practice's and international standards in this area - COBIT v.4.1 and В ISO 27002.

The methodology selection, which allow you to develop and implement ISMS, depends on business priorities and goals. We may develop the methodology individually for your company, based on your business needs.