ISO 27001, ISO 20000-1, GDPR, ISO 22301

Engineering and development of information security management systems such as ISO 27001, ISO 20000-1 and ISO 22301, and support on general regulations such as 2016/679 EC (GDPR)

The purpose

Managing the confidentiality, integrity and availability of the significant information that every organization keeps requires identifying the risks and taking appropriate measures to mitigate their effects. The objective is the security of the information and the elimination of the vulnerabilities.

The framework

The organization shall create a framework of technical and organizational measures, including policies and procedures, for the preservation of crucial information assets by mitigating threats, eliminating vulnerabilities and taking all necessary measures for business continuity under adverse conditions.

Our services

With total customer satisfaction in mind, we develop, maintain, improve and upgrade reliable systems and structures in companies, whether or not they already have organized departments and management systems, for the standards ISO 27001, ISO 20000-1 and ISO 22301 and/or in accordance with the General Data Protection Regulation (GDPR).

New European “General Data Privacy Regulation” (GDPR) (2016/679 EC)

The GDPR was approved and adopted by the EU Parliament on 27.04.2016. The regulation will take effect after a two-year transition period, meaning it will be in force in May 2018 (25.05.2018). It applies to all companies and public organizations processing and holding the personal data of EU citizens, regardless of the company’s location. Implementation of the regulation is mandatory; it does not require any enabling legislation to be passed by government, and it supersedes any existing law on the same issue.
Companies and organizations shall prove their conformity to the GDPR (accountability principle) by:
Taking into consideration all necessary technical and organizational measures to protect the rights of every specific data subject,
Implementing appropriate policies for data privacy,
Evaluating the impact where data protection is critical (Privacy Impact Assessment),
Implementing codes of conduct and voluntary certification.
Contact us for further information, or with any questions you may have or any clarifications you may need.

Information Technology – Security Controls (ISO 27001)

The ISO 27001:2013 edition is currently valid, the transition period for the old version ISO 27001:2005 having ended. A system that conforms to the standard has to be designed and has to undergo a quantified risk assessment (security design and risk assessment). The adequate measures (controls) and safeguards for preserving the crucial information assets are selected according to this risk assessment, and the technical and organizational control procedures are developed on the basis of these measures.

Hence, the high demands of the standard and the nature of the security (physical and logical security) produce a complex and very demanding system. However, the staff of “D-Consulting Management Systems”, drawing on the experience and knowledge gained from the relevant projects they have developed, can create a very simple and effective system tailor-made for your organization.

Information technology - Service management - Part 1: Service management system requirements (ISO 20000-1)

The main objective for companies is to put controls in place to measure and maintain consistent levels of service.
Fixed and mobile telephony services, Internet access services, website hosting and television as a service can, inter alia, be considered IT services, whether provided or managed internally by any organization.
Implementing such systems provides a total view of the quality of IT operations, including cost effectiveness, reliability, consistency and efficiency. By implementing such a system, the company follows international best practices and develops IT services that are driven by and support business objectives.

Business continuity management systems (ISO 22301)

The companies interested in developing such management systems are service providers (e.g. internet providers, software support, third-party logistics, customer support centers), shipping companies and any type of company that provides vital services to others (outsourcing). These companies (e.g. medical manufacturers) ask their sub-contractors (e.g. analytical and testing laboratories) to check their readiness under adverse conditions, thereby obliging their sub-contractors to be certified.
The new ISO 22301:2014 is now valid. The new standard is based, like ISO 9001:2015, on the common, standard index (Annex SL) and requires not only the commitment of top management but also its leadership in business continuity management.
You can develop your own system in cooperation with “D-Consulting Management Systems” and apply for certification by an independent accredited certification body, thereby proving its reliability and completeness to your customers.