The purpose of this project was to analyse and improve the information security management in Kvarner VIG Insurance company.
The project included the following activities:
- analysis of the current IT systems, the security policies and procedures
- establishing an Information Security Management System (ISMS) based on ISO 27001 principles
- writing a company wide Information Security policy, which was approved by the Board
- writing specific security policies and security procedures for different areas of the company
- conducting a risk assessment and producing a risk analysis and treatment plan
- risk management