Information Security
The Need of Information Security Management System

In today''s dynamic world, organizations''s dependence on information increases, therefore, increases interest and demands towards information. Information processing activities are required to provide greater accuracy and reliability and, as a result, organizations are consistently and gradually facing the need for implementation of specific management models and practices and customizing them for their needs.Business partners are more willing to cooperate with organizations that see the need for proper and reliable processing of information and take care of it in their own business processes.

The information security management system is recommended for organizations whose activities include processing of information or whose final product or service is information. Organizations manage resources more efficiently by determining the roles and responsibilities, correct assessment and treatment of the risks, which result in new activities and opportunities, where those resources can be used. Eventually, the organization reaches its goal faster and with less funding. This is the major advantage of information security management system in comparison with other approaches.

Any organization can benefit from information security management system despite its legal form (private, public), size, activities, and complexity of processes.

LEPL Data Exchange Agency and Legal Base

ian Law on Information Security[i]supports the development of information security; the law is intended to introduce an information security management system requirements to important organizations within the country, defined as critical information system subjects[ii]. For other organizations, the Law on Information Security is a recommendation guideline that can be used to improve organizational management.The requirements of the law are based on the standard DEA 27001: 2011, which is a localized version of ISO 27001: 2005.The amendment of the law is planned according to the revised standard ISO 27001: 2013.

Information Security and Policy Division of the LEPL Data Exchange Agency aims introduction and implementation of information security management system in Georgia and abroad as well, enabling various activities to enhance the capacity of organizations.


ur team’s experience is recognized both within the country and abroad, and the competence is proven by following certificates:


·BSI 27001 Lead Implementer / Lead Auditor,

·BSI 9001 Lead Implementer / Lead Auditor,

·BSI 22301 Lead Implementer / Lead Auditor

Our services

Support implementation of legal requirements in regard to Information Security

Increase awareness of leadership in the critical information system subjects as well as in public and private sector (training, advisory);

·Development of a set of documentation, review, advisory, monitoring and improvement of information security management system in critical information system subjects as well as in public and private sectors.

Implementation of management systems in organizations

ISO 27001 - Information Security;

·ISO 9001 - Quality Management;

·ISO 22301 - Business continuity.


Compliance audit with requirements of Georgia ''''''''s Law on Information Security and bylaws in critical information system subjects as well as public and private sectors;

Compliance audit of management systems with requirements of ISO 9001, ISO 27001, ISO 22301 standards.

Conducting training sessions based on information security legislation and ISO 27001, ISO 19011 and ISO 31000 standards

Information Security Management System: Introduction,Implementation and Audit - 5 full days(relevant position: information security manager);

·Auditing information security management system - 3 full days(relevant position: information security management system auditor);

·Information security risk management - 2 full days (relevant position: key personnel, decision makers, managers).

Note: Training sessions are free of charge for relevant positions in critical information system subjects 
(see Training page)

[i]Law on Information Security –


[ii]Critical information system subjects –