Security documentation

Security documentation

We are ready to assist you in drawing up appropriate safety documentation, which will become the keystone of information security at your organization.

 

Our story
Unique know-how needs an unique protection.

One Czech mechanical-engineering company became the sole producer of an unique new generation tooling system, that is being exported all over the world. The need for securing the continuity of supplies and for know-how protection against its theft increased rapidly.

The primary requirement of AEC was to help with ensuring the continuity of supplies. It meant to secure and nail down a potential gap of supplies, so its impact on the continuity of the company's business would be as minimal as possible. During a period of two months we drew up a complete file of risk scenarios, and we defined emergency plans that the company will follow if the operation is violated. Recovery plans, which help to secure the original operation promptly, were also part of the outcome.

Based on this great experience, the company also selected us for securing its know-how. Our specialists elaborated a concept of the security policy, and follow-up documentation, so it would correspond with the higher risk of attack and attempts at the theft of crucial data. Due to the need for a permanently high level of security, the company is cooperating with us on further development.

The solution's description

Our specialists mainly focus on these matters:

The documentation of the key security processes and measures is one of the important elements of the information security management of the company. According to the credo “The spoken word perishes, the written word remains” the documented information security policy or the security rules for users represent a certain obligation for the company, its employees, eventually for suppliers and other entities that interact with the company's information system.

Within the framework of our services we are able to help you with creating all the security documentation so it will comply with prescriptive and other relevant requirements. We cover the following fields of interest:

The security policy of the company

Definition of the basic aspects of information security management, security rules, etc.

Processes and security documentation

Definition of the follow-up security documentation, e.g. in the form of the user's manual, operation documentation, etc.

ISVS documentation

Drawing up specific ISVS documentation according to the requirements of the Act number 365/2000 Sb.

Our services' benefits

We deal with security by systematic company documents that include all the important circumstances!

Situation in the field

Each developed company culture creates lots of internal documents that include the company's terms of competence. It is not common to link these internal documents with the field of IT system security. The overview of responsibilities and roles is missing. Most of the time, all the responsibility is on the administrators and network administrators.

Our goal

In the framework of information security management it is necessary to clearly define a number of basic security rules and processes. The security policies are a part of the basic documents that define the information security strategy and elementary company rules. Further follow-up documents regulate and specify the methodologies of partial fields and security processes. The following documentation describe the security processes of information processing and IS administration. It sets and defines individual processes, defines roles and responsibilities of each role, and competencies for carrying out given processes.

How we proceed

While creating the documentation, we take advantage of our longterm experience gained from building information security management systems and detailed executing of all the related tasks. Part of the basic security documentation (documentation of information security processes) can be a set of several linked security documents. The company can define their distribution according to its specific needs.

References

We have lots of experience with project implementation for important companies in their branches, e.g.:
  • Cord Blood Center CZ, spol. s r.o.
  • Ministerstvo průmyslu a obchodu
  • Regionální rada regionu soudržnosti Střední Morava
  • Magistrát města Chomutova
  • OSTROJ, a.s.
  • Devro s.r.o.
  • Krajský úřad Zlínského kraje
  • Penta Investments, s.r.o.
  • Magistrát hlavního města Prahy
  • Ministerstvo školství mládeže a tělovýchovy
  • Hasičský záchranný sbor Jihomoravského kraje
  • OTE, a.s.
  • Statutární město Opava
  • Úřad pro ochranu osobních údajů
  • Vysoká škola ekonomická v Praze