Tenders Are Invited For Service Of Performing An Audit Of The Information Security System In 5 Entities As P ... in Poland

Work Detail

1. The Subject Of The Order Is The Service Of Performing An Audit Of The Information Security System In 5 Entities As Part Of The Project Cybersecure Local Government For The Stalowa Wola Commune: Advanced Digital Services. Measure 2.2 - Strengthening The National Cybersecurity System. Grant Competition Under The Cybersecure Local Government Grant Project. The Order Covers Audits Of The Information Security System In 5 Entities: City Hall In Stalowa Wola. Municipal Nursery No. 3 In Stalowa Wola, Kindergarten No. 2 Named After Jan Brzechwa In Stalowa Wola, Kindergarten No. 5. Julian Tuwim In Stalowa Wola, Stalowa Wola Shared Services Center, Among Others. In Order To Assess The Effectiveness Of Security Measures And Risk Management; A) Audit Implemented In The Isms Information Security System Unit, B) Analysis Of The Effectiveness Of Activities In The Field Of Monitoring, Measurement, Analysis And Evaluation Of The Isms, Including A Review Of Risk And Compliance Indicators. The Task Is Co-Financed Under The Program: European Funds For Digital Development 2021-2027. Priority Ii: Advanced Digital Services, Action 2.2 Strengthening The National Cybersecurity System.2. The Audit Should Include:A) Initial Analysis And Determination Of The Scope Of The Audit• Defining The Areas, Locations And Organizational Units Covered By The Isms.• Verification Of Records Of The Information Processing Area, Including The Accuracy Of Data Regarding Locations, Floors And Addresses.• Checking Whether The Scope Of The Isms Is Consistent With The Requirements Of Iso/Iec 27001 Standards And The Needs Of The Organization.B) Verification Of System Documentation• Introduction To The Isms: Assessment Of Whether The Documentation Contains The Basic Principles Of Information Security Management And Compliance With The Pdca Cycle (Plan-Do-Check-Act).• Terms And Definitions: Checking Whether All Important Concepts Are Defined And Compliant With Standards.• Organizational Context: Analysis Of Internal And External Factors And Their Impact On The Isms, Including Risk Analysis.C) Risk Management• Assessment Of The Risk Identification And Analysis Process, Including Risk Assessment Documentation.• Analysis Of Remedial And Corrective Actions For Identified Risks.D) Security And Application Declaration• Verification Whether The Declaration Of Security Application Is Consistent With Annex A Of The Iso/Iec 27001 Standard.• Assessment Of The Effectiveness Of The Implemented Security Measures And Justification For Possible Exclusions.E) Operational Documentation• Policies And Procedures: Checking Security Policies (E.G. Cryptography, Access Management, Human Resources Security) And Their Compliance With Normative Requirements.• Records And Registers: Assessment Of The Completeness And Validity Of Asset Records, Information Processing Areas And Incident And Incident Registers Reports• Access Management: Checking The Procedures For Granting, Changing And Revoking Access And Compliance With Do

Contact Information