It’s not just a necessary formality
As IT services develop and their use spreads, their users become more exposed to attack. The damage or loss of stored information, let alone the theft of confidential data, would have immeasurable consequences for a cloud service provider. Every system holding important data must therefore be protected by an information security management system (ISMS), whose implementation is a prerequisite for certification of processes under ISO/IEC 27001:2014.
The measures adopted under the ISO/IEC 27001:2014 processes comply with the requirements of Decree No. 82/2018 Coll., which implements Act No. 181/2014 Coll., on Cyber Security, and with Regulation (EU) 2016/679 of the European Parliament and of the Council, the General Data Protection Regulation (GDPR).
Why do we care about the standard?
Information Security Management System
The Information Security Management System is a methodological document created to manage information security in accordance with ISO/IEC 27001:2014. It serves as the basis for defining the responsibilities of the designated roles in the cybersecurity system: the Cybersecurity Manager, Cybersecurity Architect, Cybersecurity Committee, Cybersecurity Auditor, Asset (information set) Guardian and Technical Asset Manager. The ISMS manual follows the cyclical PDCA model (Plan-Do-Check-Act), under which the defined processes are regularly reviewed and improved.
Information Security Standard
The Information Security Standard defines the set of measures our staff follow to minimise risks to the availability, confidentiality and integrity of data. Availability is defined in this document as ensuring that the processes and information necessary for our operations remain accessible, while legal requirements are met. The document also defines the processes for asset management, human resource security, physical security, communications and operations management, access control, information systems acceptance, development and maintenance, information security incident management and business continuity management.
Security Board
The Cybersecurity Committee is the body responsible for managing information security. Its activities cover the security strategy, security policies, implementation of security measures, the security budget, security incidents, security education and training, and security controls and audits. The Committee is made up of representatives of all key departments involved in providing the cloud. It is led by the Cybersecurity Manager and, as a whole, is accountable to the management of our business.
Security Policy
The Security Policy establishes the positions of Cybersecurity Manager, Cybersecurity Architect and Cybersecurity Committee. These are the responsible persons within the organisation, and the ISMS Manual sets out the scope of their responsibilities in the area of cyber security. The procedural system covered by the Security Policy is developed and audited in accordance with Act No. 181/2014 Coll., on Cybersecurity, and its implementing decrees, with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR), and with other requirements arising from generally binding legal regulations.