Bezpečnostný projekt vymedzuje rozsah a spôsob technických, organizačných a personálnych opatrení potrebných na eliminovanie a minimalizovanie hrozieb a rizík pôsobiacich na informačný systém z hľadiska narušenia jeho bezpečnosti, spoľahlivosti a funkčnosti.
Zo zákona je prevádzkovateľ, ktorého informačný systém spracuváva osobité kategórie osobných údajov povinný mať vypracovaný bezpečnostný projekt.
How the security project is implemented:
A security project is a defined document in the Personal Data Protection Act and consists of the following parts:
The security intent defines the basic security objectives that need to be achieved to protect personal data from threats to their security. The security plan includes:
security objectives and measures
specification of technical, organizational and personnel measures
definition of the information system environment
residual risk (a risk that cannot be effectively eliminated by safety measures)
Information system security analysis is a detailed analysis of the security status of an information system with a definition of the extent of its resilience and vulnerability. The safety analysis contains in particular a qualitative risk analysis consisting of:
identification of risks, assets, threats and their impacts due to loss of confidentiality, integrity and availability
risk analysis and assessment
determining the likelihood of a security failure
identification and evaluation of risk minimization options
identification of other methods and means of personal data protection
The security project will take measures to minimize potential risks and protect the company from accidental as well as illegal damage, loss, destruction or alteration of specific categories of personal data.
Who should implement the security project:
financial advisors organized in an MLM structure
insurance intermediaries with an agency type of distribution channel
insurance agents and brokers
client-oriented companies
business companies that process clients' personal data
companies that process employees' personal data
For more information, do not hesitate to contact us either via the form or by phone.