|
The subject of the order includes: audit of the ISMS information security system implemented in 14 units, along with penetration tests in 3 units, as part of the project entitled: Cybersecure Local Government in the Czersk Commune.

I. Audited units:
1. Municipal Office in Czersk, ul. Kościuszki 27, 89-650 Czersk
2. AZK (Communal Resources Administration) in Czersk, ul. Tucholska 1, 89-650 Czersk
3. Social Services Center in Czersk, ul. Przytorowa 22, 89-650 Czersk
4. Municipal Cultural Center in Czersk, ul. Szkolna 11, 89-650 Czersk
5. Local Government Kindergarten No. 1 named after Winnie the Pooh in Czersk, ul. Dąbrowskiego 4, 89-650 Czersk
6. Local Government Kindergarten No. 2 named after Jana Brzechwa in Czersk, ul. Chojnicka 5, 89-650 Czersk
7. Primary School No. 1 named after Janusz Korczak in Czersk, ul. Dworcowa 8, 89-650 Czersk
8. Primary School No. 2 named after Jana Pawła II in Czersk, ul. Kościuszki 6, 89-650 Czersk
9. Primary School in Gotelp, Gotelp 12, 89-651 Gotelp
10. Community Self-Help House in Czersk, ul. Pomorska 12, 89-650 Czersk
11. Financial Service Team, ul. Dworcowa 31, 89-650 Czersk
12. School Complex in Łęg, ul. Chojnicka 2A, 89-652 Łąg
13. School Complex in Rytel, ul. Fr. Kowalkowski 6, 89-642 Rytel
14. Nursery and Children's Club Complex in Czersk, ul. Chojnicka 5A, 89-650 Czersk

II. Scope of audit work
1. Conducting:
1) An audit of the ISMS information security system implemented in the unit,
2) An analysis of the effectiveness of activities in the field of monitoring, measurement, analysis and evaluation of the ISMS, including a review of risk and compliance indicators.
2. The audit should include:
1) Preliminary analysis and definition of the scope of the audit
a) Defining the areas, locations and organizational units covered by the ISMS.
b) Verification of records of the information processing area, including the accuracy of data on locations, floors and addresses.
c) Checking whether the scope of the ISMS is consistent with the requirements of ISO/IEC 27001 standards and the needs of the organization.
2) Verification of system documentation
a) Introduction to the ISMS: assessment of whether the documentation contains the basic management principles of information security and compliance with the PDCA cycle (Plan-Do-Check-Act).
b) Terms and definitions: checking whether all important concepts are defined and compliant with standards.
c) Organizational context: analysis of internal and external factors and their impact on the ISMS, including risk analysis.
3) Risk management
a) Assessment of the risk identification and analysis process, including risk assessment documentation.
b) Analysis of remedial and corrective actions for identified risks.
4) Security and declaration application
a) Verification whether the declaration of the use of security measures is consistent with Annex A of the ISO/IEC 27001 standard.
b) Assessment of the effectiveness of the implemented security measures and justification for possible exclusions.
5) Operational documentation
a) Polic
|