Do you want to develop or update your ISMS documentation?

What do we offer?

We guarantee support in preparing and implementing information security management documentation. With this service, you will receive ready-made procedures to oversee the processes within the organization where information is processed, securing it against leaks or loss. We will develop and implement ISMS documentation that takes into account processes, infrastructure, information systems, and the human factor. This documentation will define the principles for maintaining and improving information security procedures, which will reduce the risk of incidents and mitigate their negative impacts, ensuring the security of services and the continuity of your organization’s operations.

We offer comprehensive consulting for businesses and institutions, including the implementation of ISMS with documentation compliant with the National Interoperability Framework regulations for public institutions. The project will be tailored to your needs and the procedures already in place within your organization. Benefit from our experience and raise the standards of your information security management.

Leverage our experience and raise the standards of your information security management.

How do we work?

1. Documentation audit

Preparing documentation is one of the elements of the information security management system implementation service. At this stage, we will check whether your organization already has documents that fall within the scope of ISMS, including documented and communicated procedures related to information security.

We will ensure that they are regularly reviewed, updated, and communicated to employees. We will also examine how control over the procedures is managed, whether there is a risk of deviations from the procedure, and how supervision is conducted over the processes within the organization, during which information is processed and secured against leaks or loss.

2. Development of ISMS Documentation

Based on the results of security audits, risk analysis, and documentation, we will develop or update the required ISMS documents, including information security and information classification policies, risk assessment and management methodology, personal data security policy, physical security policy, instructions for information system security, etc. The ISMS documentation will include all comments and guidelines on how to use the procedures, as well as necessary explanations to ensure you have no doubts about security standards and action plans. We guarantee that the provided documentation will be clear, transparent, and minimal, so that every employee will have no doubts about the methods of operation concerning information security.

3. Implementation of ISMS Documentation

We will implement the security procedures and action plans included in the ISMS documentation according to the ISO/IEC 27001 standard. By using the implementation service, you will gain confidence that the prepared documents are correct and properly introduced and communicated within the organization.

4. Training and Workshops

Through training, we will raise the awareness of your employees, including ISMS auditors, regarding information security. We will familiarize them with the new ISMS documentation and the procedures necessary to ensure the security of processed data.

Let's talk about your project! Fill out the form

What else do we offer?

Check out our offer for other services related to Information Security Management Systems. We provide preparation for ISO 27001 certification and assist in carrying out the process. You can find the detailed scope of the service here: ISO 27001 Certification.

Why us?

Pioneers of ISO 27001

We conducted the first ISO 27001 certification audit (Information Security) in Poland.

Individual approach

When conducting the ISO 27001 compliance audit, we take into account the specifics of your organization and its market context.

Favorable conditions

We adjust the scope and schedule of information security services to fit your budget capabilities.

Business-oriented approach

We focus on a practical approach to risk management that is grounded and tailored to Polish realities.

Theu trusted us

The most important questions about ISMS documentation.

What does ISMS documentation include?

ISMS documentation results from the implementation of an information security management system in an organization, in accordance with the international standard ISO 27001. The standard defines the requirements for establishing, implementing, maintaining, and continually improving the information security management system. The implementation of ISMS is divided into several stages, one of which is the development of documentation that allows for more effective protection against errors and the leakage of critical data.

ISMS documentation includes standards, procedures, guidelines, risk analysis reports, and audit reports. The primary document is the information security policy, which, among other things, describes the organization, assigns responsible individuals along with their areas of responsibility, introduces information classification, specifies procedures, identifies assets and their owners, and defines how to assess and manage risks. In addition, ISMS requires the development of policies for personal data security, physical security, and the security of information systems (regulations).

What benefits does ISMS documentation provide?

The scope of the risk analysis should cover all resources and assets, taking into account the identification of internal and external threats for each process. As part of the risk analysis, it is necessary to assess the likelihood of a threat occurring and evaluate the potential consequences of its occurrence. The scope also includes recommendations for actions aimed at minimizing the occurrence of undesired events.

By implementing documentation in accordance with ISMS requirements, you will provide your organization with the ability to respond quickly to changes in business processes. You will gain protection, including the knowledge and tools to effectively and appropriately respond to emerging threats. Developed and documented procedures are essential to maintaining control over processed information and ensuring the proper level of protection for informational assets.

Importantly, the development and implementation of an Information Security Management System (ISMS) according to the PN-ISO/IEC 27001:2007 standard with the necessary documentation is the basis for certification according to the ISO/IEC 27001 standard. By using PBSG’s services, you gain assurance that the ISMS documentation will be correct and compliant with the ISO 27001 standard — guaranteed by our many years of audit, consulting, and training experience in the field of information security.

Why is it worth training staff on ISMS documentation?

Information security primarily relies on people, which is why it is crucial to involve staff in the process, as they are responsible for maintaining and achieving the organization’s goals related to information protection according to defined roles. Training should be conducted among all employees, especially internal ISMS auditors.

How much does ISMS documentation cost?

The development and implementation of ISMS documentation depends on the size of the organization, the specifics of its activities, the market environment, and the complexity of the processes involved. We provide a personalized quote, considering the scope of work and the timeline.

How long does it take to develop ISMS documentation?

The development and implementation of ISMS documentation usually takes up to several weeks. The timeline depends on the size of the organization and the specifics of the project. The work schedule is adjusted to meet the individual expectations of your organization.

ISMS documentation

Do you want to develop ISMS documentation?