Information and cyber security management

Services for assessment of compliance of information systems security management with the requirements of international standards ISO/IEC 27001 and ISO/IEC 27002

Service

A conformity assessment of information systems security against the requirements of international standards ISO/IEC 27001 and ISO/IEC 27002 (hereinafter ISO 27001 and ISO 27002) helps to properly assess the acceptable level of information security in the organization, including confidentiality, integrity and availability.

Cyber security entities: an entity which controls and/or manages information resources of the state (for example, an owner and/or manager of critical information infrastructure, a provider of public communication networks and/or public electronic communication services, or a supplier of hosting and other digital services) must implement the organizational and technical cyber security requirements established in the legal acts of the Republic of Lithuania.

Failure to comply with the established organizational and technical requirements for cyber security shall result in a warning or a fine to the heads of the legal entities or other responsible persons.

The controller and the processor under the EU General Data Protection Regulation (GDPR) must implement appropriate technical and organizational measures to ensure a level of security, which can be properly implemented with an ISMS compliant with ISO 27001.

Lack of appropriate technical and organizational measures may be considered an infringement of the provisions of the General Data Protection Regulation (GDPR), and in such a case administrative fines may be imposed, which may reach up to 2 – 4% of the previous financial year’s total annual global turnover, or up to 10,000,000 – 20,000,000 euros.

Process

  • We gather evidence and information
  • We evaluate evidence and information
  • We identify discrepancies
  • We prepare recommendations to eliminate non-compliances

Result

  • Compliance assessed. Compliance with ISO 27001 and ISO 27002 requirements has been assessed
  • Report prepared. A report on the assessment of compliance with ISO 27001 and ISO 27002 has been prepared, detailing the non-compliances identified during the compliance assessment
  • Recommendations prepared. Recommendations have been prepared to address the non-compliances identified during the ISO 27001 and ISO 27002 compliance assessment

Advantage

  • The level of information security and cyber security management of the organization and the potential risks have been assessed
  • The adequacy and effectiveness of organizational and technical measures for information security, cyber security and personal data protection have been assessed
  • Gaps have been identified and a plan prepared to close them
  • Compliance with ISO 27001 and ISO 27002 requirements is ensured
  • Compliance with GDPR requirements is ensured

Contact person

Ernestas Lipnickas
Mobile: +370 (605) 44 444
Email: ernestas.lipnickas@adwisery.eu