GALIOT ISMS
Information Security Management System


Comprehensive Information Security Management in compliance with EASA Part-IS, ISO/IEC 27001:2022, and NIST 800.

MAIN FEATURES

  • Threat landscape (Threat sources & agents identification and assessment)
  • Asset landscape (Critical asset classification and identification)
  • Loss landscape (Impact and outcomes classification)
  • Security control landscape (Preventive and recovery controls)
  • Vulnerabilities identification and assessment
  • Multiple security scenarios risk assessment
  • Voluntary and security occurrence reporting
  • Security incident investigation
  • Root cause investigation methodology
  • Security controls efficiency and reliability calculation
  • Security test and inspection
  • Corrective actions management
  • Security performance measurement and monitoring
  • Security promotion

What makes GALIOT ISMS different?

  • Integrated safety and security reporting. Forward or redirect reports between Safety and Security.
  • Integrated safety and security risk management. Share threats and consequences between Safety and Security Bow-Tie risk assessments.
  • EASA Part-IS, ISO/IEC 27001:2022, and NIST 800 series standards supported
  • Plan, Do, Check, Act management system
  • Risk Assessment based on the U.S. National Institute of Standards and Technology (NIST) methodology
  • Risk assessment approval and re-assessment policy
  • Four-day hands-on security workshop
  • Dedicated user roles and access rights permissions
  • Bow-Tie Security Risk Visualisation and Assessment (best/worst scenario)
  • Email alert and reminder engine
  • Barrier-based security occurrence investigation (B-SCAT)