top of page

Service responsible for information security

We take the tasks of the Information Security Officer off his shoulders. We carry out the level classification of the organization and the classification of its IT systems. We fill out the necessary official notification documentation.

Law L of 2013 and BM Decree 41 of 2015 make hundreds of requirements mandatory for employers. Depending on the classified security level, the employing organization must implement the mandatory elements corresponding to the level listed. In many cases, the expectations are only a framework system, the user's task is to customize them. Using the school analogy, the implementation can be implemented even at the two-under or five-star level. 


There, the external consultant can help the user to meet all the requirements at a basic level in the first instance and only then shape his information security system according to the risks and business needs. 


Many people make the mistake of overinsuring certain areas based on the recommendations and persuasion of external contractors (vendors) who offer to meet certain expectations, while others are left out during the preparation.


As part of the service, Gill & Murry takes into account the client's information security threats as well as the business and financial consequences and optimizes the costs of preparation.



  • Regular training every year.

  • Annual documentation and review.

  • Regular audit.

  • Consulting availability.

  • Organizational security level definition.

  • Carrying out a risk analysis, filling in and updating related documents.

Who do we recommend?
  • For local governments that do not have employees with the appropriate qualifications or experience.

  • For IT operators or software providers who operate for organizations that are subject to Act L of 2013.


We carry out and document the organization's security level classification according to the law. If necessary, we make a proposal to reorganize the organization so that individual organizational units have to meet the lowest possible security requirements.


We identify the organization's IT systems, regardless of whether they are mandatory ASP or interface connectors. We determine and document the security class of the systems.

Risk analysis

The Data Controller must also report the incident to the Authority if the incident occurred at a subcontractor that manages the data of its partners, customers, and users on its behalf. 

Why Gill & Murry?

We perform the IBF tasks at several municipalities and obliged organizations. We know local government and office operations, but we also have partners in the business sector who are obliged to appoint an IBF due to the legal obligation. 


We have experience in conducting Authority inspections, so we carry out the preparation with the aim of ensuring that the organization is optimally prepared during the Authority inspection. Nothing more and nothing less.

bottom of page