|
1. The subject of the order is the development and implementation of the Information Security Management System (ISMS), and conducting an audit of the implemented Information Security Management System in accordance with KRI at the Nowe Piekuty Commune Office. The scope of the order includes:
A) Conducting a preliminary audit and consultations determining the level of cybersecurity before the implementation of the Information Security Management System (ISMS), including verification of compliance of the adopted procedures with the provisions of:
- the Regulation of the Council of Ministers of May 21, 2024 on the National Interoperability Framework, minimum requirements for public registers and exchange of information in electronic form and minimum requirements for ICT systems;
- in the field of cybersecurity, based on the provisions of the Act of July 5, 2018 on the National Cybersecurity System (consolidated text: Journal of Laws of 2026, item 20, as amended);
- in the field of data protection, based on the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), and the Act of May 10, 2018 on the Protection of Personal Data (consolidated text: Journal of Laws of 2019, item 1781, as amended).
Audit activities may be carried out in stationary or online mode.
B) Preparation/updating of the documentation of the Information Security Management System (ISMS): preparation and implementation of documentation of the Information Security Management System (ISMS) consisting of: information security policy, ICT system management policy, business continuity management policy with business continuity plans, cybersecurity incident management policy, data protection policy, and information security risk analysis in the IT area. The following procedures will be introduced/adapted: procedures for using mobile devices, remote work procedures, media handling, access control procedures, securing rooms and facilities, clean desk procedures, clean screen procedures, backup procedures, log protection procedures, communication security, network security management, information transfer, business continuity plans, incident management procedures, privacy and protection of personal data, risk assessment in the area of information security, staff training, vulnerability management plan, incident response plan, recovery plan, risk analysis and updating of policies and procedures.
|