ISO Management Systems

Information Security

Stiki's information security consulting services assist organizations in developing and implementing effective and efficient information security management systems (ISMS). At Stiki, we work with your organization in developing policies and procedures that protect your information technology assets and mitigate risks.

Information security is essential to organizations looking to maintain the confidentiality, availability and integrity of information. With increasingly powerful software and hardware, growing use, network connections and especially public access to the Internet, the need to ensure the security of data and equipment increases. Organizations today require information security management systems that ensure security, reliability, and quality for their clients. At Stiki, we are here to help you make this possible.

The main aspects of information security

Information is valuable and therefore needs appropriate protection. Information comes in various forms, for example, printed or written on paper, stored electronically, displayed on film or verbally communicated. Information security means that information is protected against a variety of threats in order to ensure business continuity, minimize damage and maximize performance.

Information security includes ensuring confidentiality, integrity, and availability.

  • Confidentiality: The guarantee that information is only available to those who have the authority to access it.
  • Integrity: Maintaining the accuracy and integrity of information and processes. It must be ensured that the information is correct and undamaged.
  • Availability: Ensuring that information and services are accessible, when needed, to users with the correct authority.

Implementation of information security management systems involves several factors such as risk management, policy and procedure documentation, and implementing business continuity and recovery plans. Organizations have the option of complying with various information security standards (ISO 27001, PCI DSS) as a means of ensuring information is secure. Stiki is here to help organizations meet the challenges of complying with information security standards. Stiki can assist with the implementation of the ISMS.

Our Information Security Services include:

  • ISO 27001 Compliance Services
  • Risk Assessment
  • Business Continuity Management
  • Policy Formulation
  • Workflows

For more information on how Stiki can assist your organization with its information security needs, please contact us at or by phone at +354 570-0600.

ISO 27001 Services

Stiki's team of experts can guide your organization in developing and implementing an information security management system that is compliant with ISO 27001. This includes all of the necessary documentation, an industry-leading risk management solution, and over 50 years of combined experience in information security and the certification process.
Stiki has a 100% successful track record for all ISO 27001 implementations.

Our Approach

Our approach to successful implementation of an effective and efficient ISMS compliant with ISO 27001 includes 5 steps:

Step 1 - Client-Oriented Project Implementation and Planning

During our initial meeting we get to know your business and objectives. We identify the unique challenges your organization faces and build a strategic project plan to address your ISMS needs. In this phase we define the ISMS scope, begin awareness training, and perform an initial gap analysis to understand the current situation.

Step 2 - Data Collection and Stakeholder Meetings

During this step our team works with the identified stakeholders from your organization. In these facilitated meetings we gather information regarding stakeholder concerns, issues, and the assets they control. From there we work with stakeholders to understand the assets, threats, and their role in the business functions.

Step 3 - Risk Management Process

Using our industry-leading risk management solution, RM Studio, we complete a risk assessment, gap analysis, and risk treatment plan compliant with ISO 27001. RM Studio assists in assessing assets and threats based on the framework of ISO 27005. Further, RM Studio will automatically generate 11 reports necessary in the evaluation and assessment of the risk management aspects of the ISMS. Reports include the Statement of Applicability, Risk Treatment, Risk Assessment Detailed Report and an Executive Summary. RM Studio is also utilized to develop a business continuity and recovery plan for your organization. With RM Studio all of your risk management efforts are contained in a centralized repository using a scalable, dynamic tool.

Step 4 - Implementation

Upon completing the risk management portion, our team will assist in identifying the priority mitigating controls to be put in place. Further, the necessary documentation, such as the security policies, processes, and security manual, will be completed and finalized. The implementation process also includes further ISMS awareness and operations training.

Step 5 - The Audit and Certification

In this step, we complete an internal audit in order to prepare the team for the certification process. All incidents and nonconformities will be addressed. Further, we will work with your team to prepare for the audit. Finally, our team will be with you during the audit ensuring that all questions and concerns raised by the auditor are addressed.
With Stiki's approach, you gain clarity, focus, clear direction, action plans, and access to information security experts. For more information contact us at or by phone at +354 5 700 600.

Risk Management ISO 31000

Risk Management

Our team of risk management experts can assist and conduct risk assessments and develop risk treatment plans for your organization. At Stiki, we work with you to identify assets, threats and mitigating controls to ensure your information is secure.

Risk Assessment

Risk assessment is the overall process of risk analysis and risk evaluation.
Risk assessment includes the evaluation of threats that an organization's assets are facing. The risk assessment is also an appraisal of the effects of threats on the assets in question, the sensitivity of assets towards the threats and the likelihood of the threats occurring. Risk assessment also takes into consideration the scope and consequences of risk with respect to the nature of the information being processed. The objective of risk assessment is to create conditions for the selection of security controls and policies. Risk assessment should be completed and reviewed regularly in order to maintain best practices with regard to information security management systems.

Risk Treatment

Risk treatment is the process of determining your organization's course of action with regard to reducing, avoiding, transferring or accepting the risks that are present. In this stage organizations determine when mitigating controls will be implemented and what actions will be put in place to address risk.

Stiki's Risk Assessment & Treatment Services

We begin the process by first understanding your organization and its business objectives. Using the results of our client-oriented project implementation and planning meeting, our team of experts works with you to determine the scope of your risk assessment and treatment process.
From there, we will facilitate and guide your team through the asset and threat identification process. Throughout the identification process, we will use our expert knowledge and experience to assist in the evaluation of assets and threats using best-practice methods.
The next step is conducting the risk assessment. We complete the risk assessment process in our industry-leading risk management solution, RM Studio. RM Studio allows users to complete traceable, repeatable, and scalable risk assessments based on the organization's unique condition.
Utilizing the results of the risk assessment, our team will then guide your team through the completion of a risk treatment plan. RM Studio will again be utilized to assist in deciding which risks and vulnerabilities have the highest priority.
For further information on how we can assist you with your risk assessment and treatment needs, please contact us at or by phone at +354 570-0600. For more information on RM Studio, please visit the RM Studio website at

Implementation of Quality management systems

Stiki assists companies and institutions implementing quality management systems based on ISO 9001:2015. ISO 9000 is a family of standards for quality management systems. ISO 9000 is maintained by ISO, the International Organization for Standardization and is administered by accreditation and certification bodies. Quality management systems refer to all the processes carried out in order to meet the quality demands of the clients along with the management organisation of the company.
The following eight fundamentals have been defined by ISO as necessary for a company to adopt, if they want to meet their quality objectives.

  • Emphasis on the customer
  • Leadership
  • Involvement of staff
  • Thought process
  • Systematically thinking in management
  • Constant improvement
  • Decision-making built on facts
  • Communication with suppliers which is beneficial for both parties

For further information on how we can assist you with your risk assessment and treatment needs, please contact us at or by phone at +354 570-0600.