General Regulations and Standards

Although cyber protection is the responsibility of each individual company, it is necessary to ensure its functioning in the event of a sudden event from the point of view of the entire economy. A well-targeted attack can disable a company for months and cause tens of millions of crowns in damage.

As cyber incidents can fundamentally threaten key infrastructure, the EU at the European level, and hence the National Authority for Cyber and Information Security (NCIS), is legislating on the issue of cyber security.

At a time of growing digital dependence and increasing cyber threats, the European Union revised the Network and Information Security Directive, giving rise to the NIS2 Directive.

This Directive, which will become part of national legislation across the European Union by October 2024 at the latest, brings new rules and requirements for companies and organisations.

Information is essential for the proper functioning of an organisation. Its efficient and especially secure processing is an important topic today. It is important to protect information adequately, especially against unauthorised access, leakage, destruction or loss. That is why there is an Information Security Management System (ISMS) that helps to manage information throughout its life cycle.

What is ISO 27001, ISMS?

ISO/IEC 27001 is an internationally applicable standard, or framework, for information security management systems (ISMS). It is based on the three basic principles of confidentiality, availability and integrity. In particular, the ISMS defines the requirements for managing information security across employees, processes, IT systems and company strategy. The adoption of an ISMS should be one of the fundamental strategic decisions of an organisation.

Why do you need an ISMS?

ISO 27001 certification is an essential pillar for protecting your assets. Holding an ISMS certificate according to the standard assures your customers that you secure not only your own data but also client data, and that you proactively manage and handle confidential data. By implementing an ISMS, an organization can identify the risks and threats of information leakage and loss, and so minimize them.

BDO's approach

We offer our clients a complete process for implementing an information security management system in their organization, including preparation for a certification audit. Implement an ISMS in your organization with BDO in the following 5 steps.

  1. First, we will conduct an initial information review where the necessary ISMS documentation will be reviewed and we will help you modify or improve it if necessary.

  2. We will define the scope of the ISMS including the stated responsibilities for the information security management system and help you modify or create security policies.

  3. We will review your asset inventory and asset management system. If your organization does not manage assets, we will suggest an appropriate methodology and help with implementation.

  4. We will provide consulting services and support in risk identification. We will help you design or implement an appropriate methodology for risk assessment and risk management within the ISMS.

  5. We will help your organization prepare for a certification audit to obtain ISO/IEC 27001 certification.