EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.
Recent Searches
Trending
-
The criterion of sustainability for Ukrainian agribusiness products based on the guidelines of FAO and the EU Taxonomy as a driver for strengthening the country’s position on commodity markets
19 Sep 2023 Climate change and sustainability services -
Top 10 business risks and opportunities for mining and metals in 2024
11 Oct 2023 Energy and resources -
Why Europe’s CEOs are confident but cautious, pushing AI and pausing ESG
09 Jan 2024 CEO agenda
Compliance assessment and implementation of the information security management system according to the ISO 27001 standard
The information security management system (ISMS) – a powerful and effective tool that is based on a risk-oriented approach and promotes the practice of continuous improvement, which helps to proactively implement relevant and effective means of protecting the information environment of companies.
The ISO 27001 standard is the world's leading practice for information security management and is widely used by many companies. According to the statistics of such organizations as IT Governance, PECB, and Advisera, the number of organizations certified according to the ISO 27001 standard grows by an average of 15-20% every year. In addition, some industries, such as banks and the financial sector, according to the regulatory requirements of Ukraine, must meet the requirements of this standard.
How EY can help
We offer our clients to join the large family of companies that have implemented ISMS according to one of the leading information security management practices - ISO 27001.
For organizations that are just starting their journey in building information security, we help determine the main threats, external and internal factors of influence, plan the implementation of ISMS and carry out the planned actions.
In case a company has already implemented certain practices and wishes to understand their effectiveness and degree of compliance with the requirements of the standard, we will be able to provide an independent assessment and recommendations for bringing these practices into compliance with the standard.
When the company is ready for the certification, we can conduct a diagnostic audit, prepare for a certification audit, and perform certification for compliance with the ISO 27001 standard by EY Certify Point, an accredited independent certification body.
What we do
We assess the current state of the ISMS and its degree of compliance with the ISO/IEC 27001:2013 standard according to two basic components: ISMS Organization (measures for system planning, which are described in the main part of the standard), and ISMS Implementation (measures for building protection elements, which are described in Appendix A to the standard). After identifying non-conformities with the standard, we develop recommendations for their elimination and, if necessary, help our clients to implement them.
Depending on the client's needs, we can offer the following areas of service:
Why EY?
Our team has vast experience in the implementation of various information security projects, including those related to the assessment and implementation of ISMS. The Ukrainian team has completed more than 10 such projects over the past 5 years for local and international companies and includes many certified experts.