ISMS proactively addresses potential security risks.
This system is widely used by organisations regardless of size or field of activity. It can be practically recommended wherever information technologies are used for process support, data management, communication, etc. Based on a risk analysis, the organisation is able to decide on risk management measures by
accepting the risk (where the cost of prevention is higher than the risk itself)
transferring the risk to a third party (e.g. an insurance company, outsourcing, etc.)
investing in and strategically developing the organisation's security system in a controlled manner
Cybersecurity Act
Security standards can be implemented in an organisation by a consulting firm or in-house. In either case, it is important that your employees have knowledge at a level commensurate with the responsibility assigned to them by their superior manager or institution. Investments in an ISMS are often thwarted precisely because the training of human resources is underdeveloped or underestimated.
ISMS Act
Act No. 365/2000 Coll. on Public Administration Information Systems, as amended, presents public administration bodies with a broad and complex set of time-consuming activities in the area of information security. Compliance with the required legislation means, among other things, meeting the requirements of an ISMS according to ISO/IEC 27001.
GDPR
The General Data Protection Regulation is most often implemented on the basis of the ISMS framework. More information can be found in the GDPR section.
DORA
The Digital Operational Resilience Act is a European regulation that came into force to strengthen the resilience of the financial sector against cyber threats. DORA sets new requirements for financial institutions and ICT service providers, including the obligation to implement effective security measures, to monitor and manage cyber risks, and to ensure business continuity. In addition, DORA introduces an obligation to regularly test resilience to cyber-attacks in order to minimise potential impacts on financial stability and consumer protection.
NIS2
The Directive on Security of Network and Information Systems 2 is a European directive that updates and extends the original NIS Directive to strengthen cyber security across key sectors in the EU. NIS2 introduces stricter security requirements for a wider range of actors, including energy, transport, healthcare and public administration, and places emphasis on ensuring the reliability and resilience of their networks and information systems. The directive also improves mechanisms for cooperation between Member States and sets penalties for non-compliance, with the aim of strengthening the EU's overall cyber resilience.
An ISMS can be implemented for an organisational unit of a company, for an information system or a part of it, or it can cover the whole organisation. The implementation of an information security management system (ISMS) is a strategic decision of the company's management.
It can be used by all organisations, regardless of size or field of activity, for which information and information technology are a key part of their business processes, or which manage sensitive data of their clients and need to ensure its security in an effective and comprehensive manner. The system protects information security by
identifying the assets to be protected
identifying and managing potential information security risks
putting in place and monitoring measures with the required level of safeguards.