Information Security

A2F Consulting, an early player in the field of security management according to the ISO 2700x standards, assists you in setting up your Information Security Management System (ISMS). We define, according to your own constraints, the organization, policies and procedures that will ensure the monitoring and continuous improvement of the security of your information system (IS).

A2F Consulting will support you through the ISO 27001 certification of your organization or of a part of your systems:
ISO 27001 state of play (evaluation of what remains to be done)
Definition of the compliance action plan
Implementation of the supporting documentation (ISMS policy, the full ISMS documentation set, risk analysis and management, Statement of Applicability, training of personnel, etc.)
Support for the implementation and the first turns of the PDCA wheel

A systematic approach to risk management in information security is necessary to implement appropriate and proportionate means of protection. We therefore propose an approach adapted to the environment of our customers and aligned with their general approach to risk management.

Risk Analysis

Our risk analysis approach conforms to the ISO-27005 standard and is adapted from the EBIOS 2018 and MEHARI methods.
The study of the context is based on interviews with officials during the launch phase.
The expression of needs is carried out in collaboration with representatives of business, users, and contractors.
The study of threats and the development of risk scenarios are carried out on the basis of interviews or of the results of technical or non-technical audits.
Security objectives are recommended to address the key risks, and the results of the study are recorded, for example, in a master plan.

Risk Management

The risk management strategy aims to place the definition of the action plan within a managed framework, as presented in the ISO-27005 standard. It is used to inform the decision to treat, transfer, refuse or accept risks based on the level of risk, but also on the operational, technical, organizational and financial acceptability of the measures to be implemented.
We propose an action plan that presents a timetable taking these different criteria into account, together with the action sheets for each risk for which the decision to treat has been taken.
A risk map is consolidated. This map is then maintained and driven by the risk management process.

A2F Consulting supports you in the security orientations to be taken and in the implementation of the action plans and the Master Plan. In this context, the Information System Security Policy stems from a strategic vision of the organization and reflects a strong commitment from senior management.

A2F Consulting supports you in defining and communicating a security policy that is applicable, controllable, applied and controlled.