Bezpečnostný projekt vymedzuje rozsah a spôsob technických, organizačných a personálnych opatrení potrebných na eliminovanie a minimalizovanie hrozieb a rizík pôsobiacich na informačný systém z hľadiska narušenia jeho bezpečnosti, spoľahlivosti a funkčnosti.
Zo zákona je prevádzkovateľ, ktorého informačný systém spracuváva osobité kategórie osobných údajov povinný mať vypracovaný bezpečnostný projekt.
How the security project is implemented:
A security project is a defined document in the Personal Data Protection Act and consists of the following parts:
- The security intent defines the basic security objectives that need to be achieved to protect personal data from threats to their security. The security plan includes:
- security objectives and measures
- specification of technical, organizational and personnel measures
- definition of the information system environment
- residual risk (a risk that cannot be effectively eliminated by safety measures)
- Information system security analysis is a detailed analysis of the security status of an information system with a definition of the extent of its resilience and vulnerability. The safety analysis contains in particular a qualitative risk analysis consisting of:
- identification of risks, assets, threats and their impacts due to loss of confidentiality, integrity and availability
- risk analysis and assessment
- determining the likelihood of a security failure
- identification and evaluation of risk minimization options
- identification of other methods and means of personal data protection
The security project will take measures to minimize potential risks and protect the company from accidental as well as illegal damage, loss, destruction or alteration of specific categories of personal data.
Who should implement the security project:
- financial advisors organized in an MLM structure
- insurance intermediaries with an agency type of distribution channel
- insurance agents and brokers
- client-oriented companies
- business companies that process clients' personal data
- companies that process employees' personal data
For more information, do not hesitate to contact us either via the form or by phone.
