Project description

The purpose of this project was to analyse and improve the information security management in Kvarner VIG Insurance company.
The project included the following activities:
  • analysis of the current IT systems, the security policies and procedures
  • establishing an Information Security Management System (ISMS) based on ISO 27001 principles
  • writing a company wide Information Security policy, which was approved by the Board
  • writing specific security policies and security procedures for different areas of the company
  • conducting a risk assessment and producing a risk analysis and treatment plan
  • risk management

Project activities

  • Conducting a security audit
  • Establishing an Information Security Management System
  • Producing security policies and procedures
  • Performing risk analysis
  • Producing a risk treatment plan
  • Risk management