Workflows and Processes

Process analysis

A large aspect of implementing effective management systems in organizations and institutions is to record and analyze the processes and standard operating procedures used. On the one hand, processes and procedures are defined by the quality standard ISO 9001:2008 or the security standards ISO/IEC 27001:2005 and ISO/IEC 27002:2005. On the other hand, there are specific processes and standard operating procedures of the business or institution in question.
In many cases, the processes are already in place, but need clarification and improvement. If the processes are not in place or only exist in employees' minds, they need to be created and recorded.
Stiki's consultants are experts in workflow and process development and can work with your team in further refining your organization's workflows and processes. Stiki's consultants assist companies in recording their own processes and procedures, with a final goal of streamlining and coordinating organizational activities.
For more information on how Stiki can assist in the design and implementation of workflows and processes for your organization, contact us at or by phone at +345 570-0600.

Gap Analysis

The first step in any information security management system or quality management system is to know where you are versus where you would like to be. Stiki's team of experts can assist you in understanding your organization's current status against various international management standards.
Our Gap Analysis process will guide and assist you in determining your scope and the scope of implementation of various standards. Further, Stiki can assist you in determining the implementation status of each of the controls within your organization. We utilize our industry-leading risk management solution, RM Studio, to complete the Gap Analysis, giving you the ability to trace your continuous improvements.
For more information on our Gap Analysis Services, please contact us at or by phone at +354 5 700 600.


Stiki has for many years performed various reviews for its clients. This includes audits of the security of personal data at the request of the Data Protection Authority (external audits) as well as at the request of the audited organisations themselves (internal audits). During audits, appropriate standards are applied, e.g. the audit standard EN ISO 19011:2002. This standard defines auditing as a "systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled."
Requirements for quality, security, applicability and environmental impact are met by way of audits, among other things.

Internal audits

Internal audits (also known as first-party audits) are carried out by or for the organisation itself for internal use, and can form the base for the organisation's own statement on compliance with standard procedures.

External audits

External audits are conducted by a second or third party. Second-party audits are performed by stakeholders in the company, such as clients, or other persons on their behalf.
Third-party audits are carried out by independent companies. Such companies grant certification in accordance with requirements, as defined in requirement standards such as ISO 9001, ISO 14001 and ISO/IEC 27001.
The desire to proceed with care and pass with flying colours is inherent in most people. Audits are not new phenomena. They are a confirmation that things are as expected.

Policy Formulation

Stiki offers consultancy on the formulation of information security policies for companies and institutions. In addition to an information security policy, Stiki can develop other supporting policies, such as access policies, telework policies, quality policies, outsourcing and contracting policies, environmental policies and human resources policies.
The policies developed with the assistance of Stiki generally include the following:

  • Purpose
  • Scope
  • Objective
  • Action Plans
  • Responsibility
  • Review
  • Acceptance

For more information regarding our Policy Formulation Services, please contact us at or by phone at +354 570-0600.

Security awareness surveys

We conduct security awareness surveys to test your employees' knowledge of your information security system. These surveys feature standard questions on IT security as well as any additional questions you might want to add that are relevant to the subject at hand. We design the survey and supply you with a link that you send to your employees. We then collect the responses, analyse the results and present you with our report on the status of IT security within your company.
For more information, contact us at +354 5 700 600 or at