Implementation of ISO 27001 (ISMS) – ISO security certificate

ISO 27001 is a globally recognised standard for establishing an information security management system (ISMS) that provides a robust information protection framework tailored to different types and sizes of organisations.

ISO 27001 - A response to the need for security

In practice, every organisation holds or has access to valuable and sensitive information. Protection of this information that is inadequate to the risks involved can give rise to serious financial, operational and legal consequences.

The question for boards is no longer "Are we at risk of a security breach?" but "When will it happen and how can we counter it?". The responsible answer is information security management in line with ISO 27001.


Benefits of the implementation of ISO 27001

  • Compliance with the relevant rules and regulations.
  • Minimising the risk of high fines, serious disruptions or reputational loss.
  • Obtaining a competitive advantage in tendering procedures and the possibility of obtaining trusted contractor status.
  • A better image in the business environment: more trust from stakeholders, including customers and business partners.
  • Support for the development of internal culture within the organisation.
  • Support from an external trusted entity, ensuring a consistent and comprehensive approach to security.
  • Continuous improvement of the information security management system.
  • Increased resilience of the organisation to emerging threats.


Implementation of ISO 27001 is a strategic decision

Information security does not depend solely on the technical safeguards in place, but is a challenge related to people and their management, which is why implementing an information security management system is a strategic decision.

Implementing an information security management system and obtaining ISO 27001 certification is a milestone for organisations in the field of information security. With it, you can be sure that the processing of information in your company is carried out in compliance with all legal standards.

ODO 24 addresses problems related to the identification of all threats to information security, and subsequently finds proportionate, sustainable and organisationally viable remedies.

Scope of services for the implementation of ISO 27001

  • The technical documentation referred to in point (a) of paragraph 1 shall be made available to the competent authorities of the Member States.
  • Preparation of security recommendations.
  • Risk analysis (based on the ISO 27005 methodology).
  • Development and implementation of a set of procedures.
  • ISO training for management, the implementation team and staff.
  • An audit to verify compliance with procedures.
  • Preparation for certification.
  • Assistance with ISO 27001 certification.

What our customers say about our services

Marcin Wieczorek

Wojas


"I am very impressed with the high level of substantive expertise of the training staff"

From 13 to 17 March I attended the "Course for Information Security Administrators" organized by ODO 24 sp. z o.o. I am very impressed with the high substantive level of the training staff and the comprehensive program. Working as an ABI requires knowledge not only of legal provisions but also of IT matters, which ODO 24 took into account. Noteworthy is the curriculum, which gradually introduces increasingly advanced nuances of personal data protection, starting from the legal basics and ending with practical aspects of auditing and working with documents within a company. The complete set of materials, editable documents and publications I received will facilitate my daily work as an ABI. I can certainly recommend ODO 24 as a reliable partner offering training services of a high standard.

Magdalena Węglewska

Mazda


"We can wholeheartedly recommend ODO 24 as a professional and reliable partner"

For many years we have consistently placed great importance on the protection of the personal data of our customers as well as our employees. We took an active part in creating the "Code of Good Practice for the Protection of Personal Data of Customers and Potential Customers," developed jointly by GIODO and the Polish Automotive Industry Association. Due to the complexity and variability of the rules on personal data protection, as well as Mazda’s dynamic development in Poland and the increasing volume of data we process, we decided to entrust the ABI function to a company specialized in this field. The decision to use the services of ODO 24 was primarily influenced by the experience and competence of the team of experts, the comprehensiveness of the offering and its flexibility in adapting to our organization. After a year of cooperation we can recommend ODO 24 as a professional and reliable partner.

Agnieszka Karłowicz

Spiżarnia


"A practical approach, continuous advisory availability, and positive working relationships"

We have been working with ODO24 for over a year. For us it has been a year of peaceful breathing and a sense of security: at least regarding personal data protection :-) The people at ODO are professionals who explain matters that are incomprehensible to the average person in an understandable way. They understand not only their profession but, which is very important to us, business and its requirements. A practical approach, constant advisory availability, and great relationships — all of this means I can recommend this Company to anyone who wants to work and sleep peacefully.

Tomasz Siwicki

Gefco


"I recommend the company ODO 24 as a professional partner"

For several years we have been cooperating with ODO 24 in the field of personal data protection. A professional team that efficiently helped us to comply with the requirements of the GDPR. We make use not only of the experts’ knowledge but also of professionally prepared e‑training, thanks to which we were able to train several hundred employees in a very short time. I highly recommend ODO 24 as a professional partner delivering services at the highest level.

ODO 24 services

Implementation of the ISO 27001 standard

How do we implement ISO in a company? We will provide the methodology, tools, ISO documentation, knowledge and team of consultants required to implement an information security management system in your organisation. We will ensure the planning, proper coordination and supervision of the implementation work in order to successfully achieve the set objective.

ISO 27001 is an effective protection against the risks of infringement


Incidents, i.e. adverse events concerning confidentiality, integrity and availability, can be intentional, accidental or random and are usually related to the processes of storing, processing, protecting or controlling access to data.

These processes involve specific people, as well as hardware, equipment, systems and infrastructure available to the organisation.

The set of best practices within the ISO 27001 standards protects against the following breach risks:

  • confidentiality, where unauthorised access to data has been obtained,
  • integrity, where the information has been changed,
  • availability, where access to information has been obstructed or lost.

Implementation of ISO 27001 standards - questions and answers

How long does a project to implement ISO 27001 security standards take?

From a few to a dozen months. The time to implement the standard depends primarily on the size of the information security management system (you can establish it for a single process or organisational unit or for the entire organisation) and on your level of engagement. We do our work thoroughly and do not take shortcuts.

What does obtaining an ISO 27001 certificate involve, how long does it take and what is the cost?

An ISO 27001 certificate is issued by an independent certification body and constitutes objective evidence that your management system meets the requirements of the international ISO standard and is subject to continual improvement.

The price of ISO 27001 certification is influenced by many factors, including: the number of employees, the number of locations and the scope of the implemented system. If you would like to know the price of the implementation, please contact us.

What does a zero audit involve?

A zero audit is a type of assessment during which we evaluate whether your organisation meets the requirements of the ISO 27001 standard. In short – we check what you already have and how effectively it works, and what we will need to do for you.

How much does the implementation of ISO 27001 cost?

Prices can vary widely. They depend on the type of activity, the size of the organisation, its territorial scope and the specific range of activities. We can give a precise answer once we have the basic information, so we encourage you to send a request for a quote.

What security standards are there besides ISO 27001?

When implementing an information security management system at your organisation we will draw on other standards, including:

  • ISO/IEC 27002 Information technology - Security techniques - Code of practice for information security controls;
  • ISO/IEC 27005 Information technology - Security techniques - Information security risk management;
  • ISO/IEC 27017 Information technology - Security techniques - Code of practice for information security controls based on ISO/IEC 27002 for cloud services;
  • ISO/IEC 27018 Information technology - Security techniques - Code of practice for protection of personally identifiable information (PII) in public clouds;
  • ISO 22301 Security and resilience - Business continuity management systems - Requirements.

How can I tell that the ISO 27001 implementation was carried out correctly?

If your work becomes dull, repetitive and predictable, with a noticeably smaller number of incidents, you can assume that you have implemented ISO 27001 correctly and that everything is proceeding in accordance with the requirements of the ISO standard.

What should I do if I have not found an answer to my question?

Use the contact form and send us your question. You will receive a reply within 24 hours on working days.

Our greatest value is the trust of our customers.

How can we assist you today?

Please contact us and we will find a solution.

The data controller will be ODO 24 sp. z o.o. with its registered office in Warsaw at ul. Kamionkowska 45. Your data will be processed for the purpose of preparing, sending and archiving the cooperation offer. More information can be found in the Privacy Policy.
