1. Introduction
Trajkovski & Partners Consulting LLC has adopted a set of policies and procedures that reflects its commitment to information security. These policies are reviewed annually at a Management Review Meeting.
This Information Security Policy applies to all Trajkovski & Partners Consulting LLC information assets and demonstrates the commitment given to security assurance and the efforts being made to comply with best professional security standards.
The purpose of the Information Security Policy is to protect our information assets from all threats, whether internal or external, deliberate or accidental. Through the Information Security Policy, the controls and supporting policies, we aim to ensure confidentiality, integrity and availability of Information at Trajkovski & Partners Consulting LLC at all times.
An assessment of the security measures required to protect the assets has been conducted and documented in the Risk Assessment and Treatment Plan found in Annex 6.4 and Annex 6.5. This includes a business domain risk assessment according to ISO 17799/ISO 27001:2005.
Through this policy we, at Trajkovski & Partners Consulting LLC, also demonstrate compliance with the applicable legal requirements.
2. Our Business
Trajkovski & Partners Consulting LLC is a small management consultancy practice offering management consulting services to both private and public sector organizations, as well as to organizations seeking to work with these sectors.
Our existing and prospective client base demands high-quality output, and ultimately our business depends on providing our clients with good quality advice and continuous support. Due to the nature of Management Consulting, we are aware of the value of Information and its security.
The commitment we undertake in this policy statement therefore reflects the nature of our business.
3. Statement of Intent
It is the policy of Trajkovski & Partners Consulting LLC to apply an effective and appropriate set of information security controls, which may be policies, practices, procedures, organizational functions and software functions.
The Company's policies on information security are supported by its other policies relating to quality assurance and the company's commitment to continuing professional development and training for its employees and associates.
Our approach to information security includes both technical and non-technical controls, and covers all ten aspects of Information Security. In all cases Trajkovski & Partners Consulting will seek the client's approval for the use of sensitive client information as defined in our contract.
Trajkovski & Partners Consulting will ensure that the following requirements are met:
Information is protected against unauthorized access
Confidentiality of information is assured
Integrity of information and service is maintained
Availability of information and service is maintained
Authentication ensures only authorized user access
Regulatory and legislative requirements are met
Business Continuity plans are produced and maintained to support this policy
Information security training is available to all staff
All breaches of information security, actual or suspected, are reported to, and investigated by, the Quality and Information Security Manager (QISM).
Specific policies and controls that support it are documented in Annex 6.5 of this Organization's Manual and in the Statement of Applicability.
4. Responsibilities
The Managing Director / Management Representative
Holds ultimate responsibility for the Integrated Quality and Information Security Management System and approves the Information Security Policy. Ensures adherence to the Quality Policy and Information Security Policy, as well as its review and communication to all staff. Also acts as Quality and Information Security Manager ensuring effective implementation of these policies, but holds the right to delegate that responsibility to a competent Consultant.
Holds responsibility for the continuous improvement of the effectiveness of the Integrated Quality and Information Security Management System through the Information Security Policy, Security Objectives, audit results, monitored events, corrective and preventive actions and the management review.
Reviews the policy at regular intervals to ensure appropriateness.
All Consultants
Hold responsibility to ensure implementation of applicable Information Security Controls to provide for the integrity, availability and confidentiality of Information Resources. Everyone also holds responsibility for reporting security incidents.
The Security Working Group
Holds responsibility to approve this policy, assign security roles and coordinate implementation of security.
Signed by Date: 25.8.2007
Ljubomir Trajkovski, M.Sc. CMC.
Managing Director
