Outsourcing of Security Manager function.


With ISMS certification according to ISO/IEC 27001 your company gets a distinct competitive advantage over the competition and gains greater credibility with its customers. However, the management of information security system does not end with certification itself. The systems requires regular updating as a proof that organization reacts on changes of legislative environment or changes in security threats or arising new risks which could negatively influence your ISMS. This regular ISMS "maintenance" is therefore necessary so that the information security system can effectively serve the needs of the organization and at the same time fulfills the requirements of ISO/IEC 27001 for regular annual ISMS reviews by certification authority, so called surveillance audit.

Reasons for outsourcing the Security Manager (BM, CISO) function

  • Range of usage of Security Manager (BM, CISO) function does not require a full-time employee
  • Using knowledge and experience of specialized consulting company
  • Elimination of errors associated with ISMS ignorance
  • Obtaining "know-how" within information security management system from a reputable supplier
  • Better utilization of capacity and time for ISMS maintenance and management
  • Powerful tools for management and control of meeting deadlines and quality of individual activities. The contractual sanctions with external suppliers are usually higher than the standard penalties under the Labor Code.
  • Independence of the external security manager (functional and organizational)
  • An independent, qualified view on ISMS within organization

The entire framework of activities related to operations, maintenance and further improvement of the information security management system must be managed by an experienced employee – Security Manager – with clearly defined responsibilities and powers. There are relatively high qualification requirements, among others, based upon the Security Manager, which have to be regularly maintained and updated. To ensure these requirements is very often a complex and sometimes unsolvable problem in many organizations. In addition, the obligations arising from the office of Security Manager consume a lot of time and in the case of a cumulative function, these activities disproportionately burden the selected employee who, ultimately, cannot concentrate on his own core activities. The deterioration of the quality of his outputs is the result and at the end he is not performing his activities properly.

Therefore we offer you the OUTSOURCING OF SECURITY MANAGER FUNCTION, so called MPaket27-BM (P_ISMS0560) that is the services of a security manager according to ISO/IEC 27001. This package of service will ensure to you the continuous oversight of your system by our specialists under very favorable conditions.

MPaket27-BM Objective

To ensure high-skilled activities during operation, maintenance and further improvement of the information security management system (ISMS) according to ISO/IEC 27001. It will respect all customers' requirements, and requirements of relevant standards and valid ISMS standards.

Basic activities within MPaket27-BM:

  • periodic updating of the information security management system in the organization
  • periodic updating of ISMS documentation
  • carrying out periodic ISMS internal audits
  • independent dynamic audits of logical and physical perimeters
  • ensure oversight of risk analysis implementation, eventually updates
  • processing records from regular monitoring and measurement of ISMS, including reports on the ISMS status for the company's management
  • monitoring and implementation of all periodic inspections and records

Service parameters

Duration of service
the minimum duration of this service is 24 months. Place of performance of service: On-site / Off-site
On-site: once a month / once in two months / once in a quarter. The exact schedule of visits will be agreed prior to the commencement of the service delivery. Off-site: according to customers wishes and needs (within the agreed upon quota)
Scope of service
  • periodic updates and creation of security documentation
  • preparation of training sessions for employees
  • preparation of security audits, vulnerability and penetration testing, and evaluation of security tests results
  • design and update of actions and changes within the risk reduction plans
  • processing of data for information security analysis
  • processing of regular records from ISMS monitoring and measurements, including the ISMS report for company's management
  • monitoring and implementation of all periodic controls and records
  • evaluation of ISMS records
Response time
within 24 hours from the notification of the request (service desk, email)
at minimum once a month for an on-site consultation within working days 8.00-17.00 (5x9) – 5 working days and based on established tasks deadlines

The specific parameters of the service may vary depending on the customer's needs and requirements. The final form of the service is always defined in the form of SLA and is an integral part of the contract.

Benefits of service

  • High quality and reliable service.
  • Favorable price.
  • Cost savings.
  • You are concentrating on your core processes.
  • Your Information Security Management System will be up to date at all time
  • Regular overview of the information security status and risk index
  • Services of our Service desk are included within the price of this service, where you can apply your questions, requests and report any incidents
  • You can use additional services at preferential terms