
ISO 27001 Information Security Management System

With our help, you will implement ISO 27001

  • Certificate with guaranteed certification
  • Fast implementation
  • Tailored to your company's needs
  • No unnecessary paperwork

Over 5,000 small, medium and large companies have trusted us over the past 25 years.

Request a free quote

fill out the form or call us

787 974 136, 731 901 601
Certificate guarantee

Implementation Methodology

Discover our unique implementation methodology, which guarantees successful certification.

1. Company Analysis
During the on-site audit, we verify the processes operating within the Client's organisation. We assess the level of security required by the standard and compliance with data protection regulations (GDPR).

2. GDPR
We identify weaknesses and gaps in the Client's documentation related to personal data protection.

3. Information Security Policy
During the on-site audit, we review the processes in place within the Client's organisation. We assess the level of security required by the standard and compliance with data protection legislation (GDPR).

4. Organisational Context
We define internal and external factors as well as the needs and expectations of interested parties.

5. Risk and Opportunity Analysis
Based on the company analysis and risk management standards, we select a risk management methodology tailored to the Client's needs. We work with the Client to analyse the risks and opportunities associated with their business processes.

6. Risk Treatment Plans
We discuss and work with the Client to develop a strategy for managing unacceptable risks.

7. System Procedures
We discuss and develop system procedures such as documented information, internal audits and corrective actions. We also prepare the attachments to these procedures.

8. Statement of Applicability
We discuss and draw up a security policy. We help the Client select the appropriate security controls for their organisation.

9. Security Procedures
We discuss and develop information security procedures, including:
  • Access control
  • Rules for granting user permissions
  • Rules for the use of passwords in IT systems
  • Rules for the use of IT systems
  • Rules for remote working
  • Periodic review of access rights
  • Operation of systems and networks
  • Email accounts and information security policies for email use
  • Management of removable media
  • Backups
  • Information handling policy
  • Information classification
  • Clean desk and clear screen policy
  • Incident management
  • Measurement of security effectiveness

10. Business Continuity Plans
We discuss and develop business continuity plans with the Client to prepare their organisation for disaster situations.

11. Training
We conduct training for the Organisation's staff on the requirements of ISO 27001:2023, the procedures implemented and the key principles of the information security management system, as well as training for internal auditors.

12. System Review
We carry out internal audits. We assist in setting information security objectives and in conducting the management review.

13. Advisory Support
We help select a certification body and support you during the certification process.

What We Provide to Our Clients

  • Guarantee of obtaining certification
  • Development of all procedures and instructions
  • Fast and efficient implementation
  • Training confirmed with certificates

Information about ISO/IEC 27001

What is it?

ISO/IEC 27001 is an international standard for Information Security Management Systems. ISO/IEC 27001 certification is recognised worldwide.

The ISO/IEC 27001 standard provides guidance to help organisations establish, implement, maintain and continually improve an Information Security Management System. The purpose of the ISMS is to safeguard the confidentiality, integrity and availability of information. Its scope covers people, processes and technologies. The ISO/IEC 27001 Information Security Management System helps to identify risks associated with information security breaches. It helps to reduce the likelihood of such breaches occurring. The application of ISO/IEC 27001 enables a faster response and limits potential negative consequences should adverse events occur. An organisation that applies the requirements of ISO/IEC 27001 is able to operate more effectively and efficiently. Holding ISO/IEC 27001 certification increases business benefits. Organisations operating in accordance with the requirements of the Information Security Management System are more credible, which translates into increased competitiveness.

Structure

The structure of the ISO/IEC 27001 standard is aligned with the requirements of the Annex SL framework. The ISO/IEC 27001 system is compatible with other management systems, such as ISO 14001:2015, which makes the integration of management systems more efficient.

The ISO/IEC 27001 standard is divided into 10 main sections. The first three describe the standard, while sections 4 to 10 contain requirements related to information security management. The structure of the ISO/IEC 27001 standard is as follows:

1. Scope

2. Normative references

3. Terms and definitions

4. Context of the organisation

  • Understanding the organisation and its context
  • Understanding the needs and expectations of interested parties
  • Determining the scope of the information security management system
  • Information security management system

5. Leadership

  • Leadership and commitment
  • Policy
  • Roles, responsibilities and authorities

6. Planning

  • Actions to address risks and opportunities
  • Information security objectives and planning to achieve them

7. Support

  • Resources
  • Competence
  • Awareness
  • Communication
  • Documented information

8. Operation

  • Operational planning and control
  • Information security risk assessment
  • Information security risk treatment

9. Performance evaluation

  • Monitoring, measurement, analysis and evaluation
  • Internal audit
  • Management review

10. Improvement

  • Nonconformity and corrective action
  • Continual improvement

Who is it for?

The ISO/IEC 27001 standard is designed for any organisation, regardless of its size or sector, with a particular focus on organisations where data protection is of critical importance (e.g. IT companies, financial institutions, healthcare providers).

Benefits

  • Protection of customer and employee data
  • Acquiring new customers
  • Enhancing the company’s reputation
  • Effective management of risks associated with data breaches
  • Compliance with GDPR requirements
  • Reduced risk of financial penalties and losses resulting from data breaches

Testimonials

See what our clients say about our implementations

Main Library of the AGH University of Science and Technology in Kraków
"The Main Library of the Stanisław Staszic University of Science and Technology in Kraków confirms that in 2011, DJB Doradztwo Marcin Chorąży provided a service at the Main Library of the University of Science and Technology consisting of the implementation of an information security management system compliant with the PN-ISO/IEC 27001 standard. The subject of the contract was performed with due diligence, in accordance with professional expertise and within the timeframe specified in the contract.

We particularly appreciate the delivery of a series of training sessions on the ISO 27001 standard for staff and management, which enabled us to organise proper oversight of the information security management system and its continuous development."
Dr Jerzy Krawczyk
Deputy Director of the Main Library

DIRECT COMMUNICATION Sp. z o.o.
"Working with DJB Doradztwo enabled us to quickly implement the ISO 27001 system, provide professional training for our staff, and efficiently obtain the system certification required by our business partners.

Professionalism, flexibility and punctuality – these are the qualities that set DJB Doradztwo's staff apart. Thanks to them, the process of implementing the ISO 27001 system did not place an additional burden on our staff and allowed them to carry out their daily duties."
Krzysztof Kunowski
IT Director

PRIME FORCE Sp. z o.o.
"DJB Doradztwo Marcin Chorąży carried out a project for our organisation to implement the ISO 9001:2015 and ISO 27001:2017 standards in a professional and reliable manner, which enables us to recommend their services to all interested clients.

The implementation objectives were achieved to a high standard in terms of both content and organisation. The company developed excellent training materials tailored to our needs."
Kazimierz Konarski
Commercial Director

SANDS PARTNERS Sp. z o.o.
"SANDS PARTNERS Sp. z o.o., based in Wrocław, would like to extend its sincere thanks to DJB Doradztwo Marcin Chorąży for their assistance in implementing the Information Security Management System (ISO 27001). The implementation of the System was carried out in a professional and timely manner, demonstrating excellent knowledge of the subject matter and an appropriately chosen approach. We rate our cooperation with the staff of DJB Doradztwo Marcin Chorąży very highly, both during the organisational phase and following the successful implementation of the System."
Bartosz Strożek, Grzegorz Struś
Management Board of Sands Partners Sp. z o.o.