Algorithm of work:
- Inventory of CIIO assets.
- Identification of threats and assessment of information security risks.
- Development of a risk treatment plan.
- Development (adjustment) of the CIIO IS policy.
- Development (adjustment) of measures to protect CIIO information.
- Development of a CIIO restoration plan.
- Demonstration (confirmation) of the compliance of the CIIO information security system with the requirements of the legislation (Order of the OAC No. 66 dated 20.02.2020).
The result of the work will be an implemented, functioning and successfully audited CIIO information security system. The set of documents developed in the course of work (can be changed by agreement with the customer):
- CIIO survey report
- CIIO asset register
- CIIO diagrams (layout diagram, structural diagram, logical diagram, administration diagram)
- CIIO form
- Register (catalog) of threats to CIIO
- Risk assessment methodology
- Risk assessment report
- Risk treatment plan
- Information security policy
- Report on the results of the compliance of the CIIO IS system with the requirements of the legislation (Order of the OAC No. 66)
Terms of work performance: 3 to 6 months. The terms depend on the number and composition of the CIIO.