Information Security Consultant and IT Leader with experience in ISO 27001 compliance, ISMS audits, IT risk management, and cybersecurity governance. PECB-certified ISO/IEC 27001 Lead Auditor with a background in IT security assessments, non-conformity management, and compliance oversight. Former CIO in a certified pharmaceutical group, involved in IT infrastructure, security, and regulatory alignment. Skilled in cloud migration, strategic IT planning, and centralized security management. Certified Technical Specialist in ESET corporate antivirus protection, with hands-on experience in deployment and administration. Strong analytical mindset with a focus on IT governance, digital transformation, and mentoring in information security.
During the year, I was engaged on a temporary part-time contract, during which time I successfully transitioned the responsibilities in the Elfa Group to the newly appointed CIO and migrated all services to a private cloud.
On 23 May, I concluded my tenure as CIO and transitioned into a full-time consulting role at itrust consulting.
As an IT Consultant/Internal Auditor, I have been actively involved in ISMS audit activities related to ISO 27001 and ISO 27701 certification, directly contributing to planning, audit execution, and compliance management.
Key activities include:
• Internal audits for TISAX certification and recertification audit of a Data Center: Managed non-conformities (NCs) from internal, external, and RTP audits, collaborated on corrective and preventive actions, and ensured compliance.
• CISO (backup) and ISMS compliance audits: Provided support to internal auditors in meeting ISO 27001 requirements, reviewing security policies, procedures, and risk management assessments.
• Internal Manager of an IT company preparing for ISO 27001 certification: Led ISMS documentation, risk assessments, and compliance readiness for certification.
• Internal Manager for communes: Managed RTP processes and prepared documentation for submission to ILR.
I have been a member of the CIO Club since January 2008 and Mentor since October 2022 to the present. I was nominated as a finalist in the 2022-2023 Best CIO of Ukraine competition during my time as CIO of the ELFA GROUP.
As a mentor, I provided training and guidance on ISO 27001 and compliance with a focus on audit preparation and practical application of ISMS audits.
Key activities include:
• Internal audit training: I deliver courses focusing on ISO 27001 audit requirements, helping participants to understand the audit process for ISMS implementation and compliance. This includes auditing risk management, security controls and the overall effectiveness of the ISMS system.
• I also offer an Audit Readiness Guide, which teaches participants how to prepare their organization for internal and external audits, focusing on the key ISO 27001 audit requirements and how to effectively conduct internal ISMS audits. Organizations preparing for an ISO 27001 audit will be provided with practical audit tips, real-life examples and strategies for addressing gaps and non-conformities in ISMS processes.
In my capacity as CIO for Elfa Group companies, which have factories certified for ISO 9001 and ISO 22716, I have been involved in several key activities related to ISMS audits.
Key activities include:
• Internal ISMS Audit Preparation: I have participated actively in internal audit preparations, focusing on ISMS compliance within the framework of ISO 27001 to ensure alignment with organisational security practices. This has included reviewing policies, procedures, and documentation to ensure they meet data protection and quality management standards.
• Audit Support: Assisted with audit preparations by gathering audit evidence, identifying areas of non-compliance, and supporting the internal audit teams in reviewing ISMS-related documents and systems.
• Review of ISMS Implementation: Worked to ensure that ISMS controls were fully integrated into the company's operations and documented processes, ensuring that data security and confidentiality standards were adhered to and audited in accordance with ISO standards.
• Collaboration with External Auditors: Assisted with providing necessary documentation for external audits and ensured compliance with ISO 9001 and ISO 22716, working with external auditors to confirm the implementation of effective security controls and risk mitigation strategies.
PECB certified ISO/IEC 27001 Lead Auditor