IT Governance projects

The scope of the IT audit includes:

• Workflows related to the information settings
• Linkage of the systems for managing the mandatory and voluntary pension fund
• Compliance of the applications within the current data protection regulation
  Reserve location
• Ensuring security of the portal and the web page (Penetration testing using the black box pentest methodology)

KB First Pension Fund

GIRDA – Gameplay for inspiring digital adoption

Erasmus+ programme – Key action: Cooperation for innovation and the exchange of good practices

EC - Erasmus + programme

Development of technical specification for the new SEZK.
Deliverables:

• analysis of the current system for electronic health cards
• development of cost-benefit analysis for new options
• development of technical specification for the new centralized cloud signing system
• development of tender documents

The main objective of this project was supporting iDex for the venture financed by the Macedonian Fund for innovations and technical development – eell.me: an online platform for inside navigation and location-specific content provision.
Activities include:

• Facilitation of a strategic workshop to define an innovative solution and establish a common understanding of the project team
• Support the presentation and presenting innovative solutions to investors
  Support in project management, monitoring and reporting to investor
• Analysis of the legal and security elements of the platform
  Implementation of legal requirements for privacy: Privacy impact assessment and Privacy by design

The project activities included defining a methodology for performing the IT audit and conducting audit of the Information System for Automation of the Process of Issuing Seismic Conditions in the Construction of Facilities delivered by third party.
Deliverables
-Methodology for Auditing the Information System
- Report on Auditing of the Information System for Automation of the Process of Issuing Seismic Conditions in the Construction of Facilities

The project activities included conducting two surveys to identify the key IT industry standards and certificates that have impact on the quality of processes and productivity on companies operating in the ICT sector. The first survey was conducted through interviews in the target markets (United Kingdom + Ireland, Scandinavian countries, the Netherlands, Germany, United States, Turkey and Middle East). The second survey was conducted through online questionnaires in the region (Albania, Bosnia and Herzegovina, Kosovo, Macedonia and Serbia). Consequently, based on the two surveys, the greatest gaps in certifications that are yet to be obtained by regional companies were identified, so their competitiveness on the target markets could be significantly increased with such certificates.

Business process modeling and upgrade of ISMS in AB Soft

The goal of the project is implementation of integrated management system (IMS) in the company taking into consideration the standards ISO9001:2008 and ISO27001:2013.

T&P was subcontractor for Native in design and implementation of comprehensive framework for Integrated Management System consisted of ITSM - ISO 20000 and BCMS based ISO 22301

Design and implementation of comprehensive framework for Integrated Management System consisted of QMS based on ISO 9001, ISMS based on ISO 27001, ITSM based on ISO 20000 and BCMS based ISO 22301:2012
Activities included:
- project management
- assessment of the readiness for establishment of integrated management system
- risk assessment
- business impact assessment
- development of framework for Integrated management system
- business process modeling, documentation of the system
- training for project team for documentation and implementation of the system
- internal audit, and
- assessment of the readiness for certification of implemented Integrated management system.

The project objective was to develop an IT audit methodology and audit questionnaire in line with the existing risk-based internal audit.
Activities:
- assessment of the current state of organization and security control in the overall IT
- analysis of the current Internal audit framework and practices
- development of risk-based IT audit methodology
- development of IT audit checklists
- review of the Operational risk assessment
- coaching for IT audit
- awareness rising on IT governance.

The project objective was to assist in Implementation of Information Security Management System.
Design and implementation of Information Security Management System based on ISO 27001
Activities included: assessment of the readiness for implementation of information security management system, risk assessment, documentation of the system, training for project team for documentation and implementation of the system, internal audit, and assessment of the preparedness for certification of implemented ISMS.

Small Enterprise Assistance Fund, USA (financier)

Subcontractor for Security and ICT staff assessment
Activities included: assessment of the ICT staff and organization, as well as current state of the IT system in terms of security assessment of the physical controls, application controls, anti-virus, access controls and network controls; Data assessment of how Databases are maintained and how Data is treated and protected, assessment of the  operational procedures and controls (including access controls, data integrity controls, audit logs, backup/restore procedures, and business continuity/ disaster recovery).

The goal of the project is implementation of ISMS based on ISO 27001 and preparation for certification.
Activities included:
• Assessment of the current situation in CRM in regards to the requirements of the standard ISO 27001
• Development of action plan for implementation
• Development of documentation for the ISMS
• Training of the CRM team:
     o Introduction to ISO 27001
     o Risk assessment
     o Internal audit of the implemented ISMS
• Support in internal auditing of the implemented ISMS and defining corrective / preventive actions

Technical assistance in support to the social welfare fund, republic of Yemen – phase III

Activities included:
• Review IT training, define training needs, and prepare IT Training program for 2013-2014,
• Support the development of a Help-Desk at the IT Department in the SWF Head Office, including the preparation of the terms of reference for the Help- Desk and the preparation of job descriptions,
• analyze the operations in the IT department and prepare and IT Department manual to cover both processes and main policies,
• Analyze  the  actual  situation  concerning  the  MIS  development and propose steps and approaches for further development

The project objective was to review the adjustment of the personal data protection documentation of the company with the requirements of the law on personal data protection
Activities:
• Documentation review
• Personal data collection review
• conversation with the persons authorized for personal data processing
• Review of the technical and organizational measures

Project activities:
- Audit and assessment of the adequacy of the organizational structure and responsibilities of Ministry of Information Society and Administration (MISA) in terms of managing ICT in the context of ISO 38500 IT Governance;
- Audit and assessment of practices and implemented controls for compliance with the requirements of ISO 27001 information security management system
- Identification of ICT areas that require MISA to pay attention in order to align them with best practices.

Participation in team of experts engaged for the purpose of development of methodology for valuation of IT and appropriate training program for the future valuators.
Activities included:
- Analysis of the Law for valuation
- Analysis of the world best practices for valuation of IT
- Analysis of other methodologies for valuation in Macedonia
- Definition and description of IT assets
- Development of Methodology for valuation of IT
- Definition of training plan for IT valuators
- Public hearing for the methodology for valuation of IT
- Development of bylaw act for methodology for valuation of IT

Design and implementation of comprehensive framework for Integrated Management System consisted of ISO 9001, ISO 27001, ISO 20000 and ISO 14001.
Project activities: Assessment of the readiness for establishment of integrated management system, development of framework for Integrated management system, business process modeling, documentation of the system, training for project team for documentation and implementation of the system, internal audit, and assessment of the preparedness for certification of implemented Integrated management system.

Design and implementation of comprehensive framework for Integrated Management System consisted of ISO 9001, ISO 27001, ISO 20000 and ISO 14001.
Project activities: Assessment of the readiness for establishment of integrated management system, development of framework for Integrated management system, business process modeling, documentation of the system, training for project team for documentation and implementation of the system, internal audit, and assessment of the preparedness for certification of implemented Integrated management system.

CaSys - Establishment of IT Service Management System based on ISO20000:2005

Readiness assessment for implementation of ITSM based on ISO 20000:2005. Training of the project team, framework development, documentation of policies, plans, processes, procedures, records for IT service management, Service Improvement, Planning of new services, Service delivery, Resolution Management, Release Management, Control Management, Relationship Management.

CaSys

2009

Cacttus- Implementation of integrated management system inclusive of QMS based on ISO 9001:2008 and ISMS based on ISO 27001:2005

Readiness assessment  for implementation of integrated management system consisted of Quality management system based on ISO 9001:2008 and Information security management system based on ISO 27001:2005, development of IMS framework, documenting the system, training for the Cacttus' project team and appropriate documentation and implementation of the system, internal audit training and preparation for certification of the implemented IQISMS.

BAS Kosovo- Co-financer/Cacttus, Kosovo

2009

E- Cadastre - project review and evaluation

Consultancy services for E-Cadastre project: expert opinion on the scoping of the functionalities and implementation activities of the project; IT Project Management; IT contract Management, Analyzing work processes and modeling workflow information systems, recommendations. Project results:                  

• Findings and recommendations- List of the scoping of functionalities
• Expert opinion about  activities needed for successful implementation                                 

Swedesurvey AB

2009

Pre-assessment for preparation for implementation of ISMS based on ISO 27001 in Hi-Tech (Phase 1)

 "Business Case" and evaluation of readiness for implementation of information security management system in BPI Hi-Tech .

IFC/Hi-Tech

2007

Establishing ISMS based on ISO 27001:2005 in Hi-Tech (Phase 2)

Implementation of Information Security Management System according to ISO 27001. Readiness assessment for  implementation of Information Security Management System according to ISO 27001,  framework development, system documentation, Hi-tech project team training for standard' general requirements, training for internal assessors of ISMS, readiness assessment for certification for the system.

IFC / Hi-Teach

2007 - 2008

Establishment of ISMS and ITSM in AML -  Development capacity - supplies against money laundering - Lot 1

Establishment of IT Service Management System based on ITIL and aspects of ISO20000:2005, and Information Security Management System based on ISO27001:2005. The goal of this project is to establish support to the development and consolidation of a functional and effective anti-money laundering system, through application of critical technology infrastructure components that give the Agency a long term capability to expedite implementation of anti money laundering legislation and enforcement.
 
The part of the project realized by T&P included:
- Support to the Project Manager with Project Administration
- Preparation of Information Security and IT Management System Manual.

ЕАR / Ministry of finance

2006 - 2007

Review and upgrade of the established ISMS and ITSM in AML 2008

Upgrade of results from AML project trough assessment of the established security controls, assessment of compliance with Macedonian legislative, revision of the existing documentation (manual, policies and procedures) and training for the IT' employees management system and introduction to the system for all employees.

Directorate for Prevention Money Laundering and Terrorism Financing

2008

Establishing ITSM in Kosovo Juridical Council (CMIS)

Establishment of IT Service Management System based on ITIL and aspects of ISO20000:2005. Development of IS strategy for KJC in Kosovo aiming to finalize the integration of the CMIS - Case management IS. Trajkovski Ljubomir was the project manager.

UMNIK/EAR Kosovo

2006 - 2007

Establishment of ITSM in Ministry of Finance (DIS)

Establishment of IT Service Management System based on ITIL and aspects of ISO20000:2005. The project was focused towards building the capacities of the Ministry of Finance - CFCU & NF; T&P was responsible for defining working model supported with ICT and preparation of ICT policies and procedures based on ITIL and ISO 20000.

EAR / Ministry of finance

2006

Establishment of ISMS based on ISO 27001 in Marnet

Awareness raising, preparation of basic documentation for information security management system based on ISO 27001:2005 in MARNET

USAID / UKIM

2006

Establishment of ISMS in Teteks Credit Bank

Design, documentation  and implemenatation of security information system based on ISO 27001:2005 in TKB. Awareness raising, risk assessment and preparation of the ISMS documentation (manual, policies, procedures and records templates)..

Teteks Credit Bank

2006

Establishment of in ISMS Inet

Preparation of “IT Mark“ declaration for information security  level 1 and 2 in Inet

APPRM / Inet

2006

e-GOV  security aspects 

Organization of information security in E-Gov projects, with proposal of basic functions and activities related with security.

USAID project  е-GOV

2006

“Information Security Initiative” - Metamorfozis

Project “Information Security Initiative”  - Ljubomir Trajkovski is engaged as information security expert.

Metamorfozis

2007

Feasibility study for implementation of ISO standards in Zito Vardar

Consortium Challenge realized feasibility study for implementing ISO Standards and standards for food safety in Zito Vardar.
T&P realized the ISO 9000 segment and provided project management assistance.

Zito Vardar

2005

Business Process Reengineering - ENC and implementation of QMS based on ISO 9001

Business Process Reengineering through defining optimized business process model of MBS and preparation for implementation of Quality management System based on ISO 9001. Documentation of policies and procedures according to ISO 9001 standard.

Euro Netcom

2005

Business process reengineering - MBS and implementation of QMS based on ISO 9001

Business Process Reengineering through Defining optimized business process model of MBS and preparation for implementation of Quality management System based on ISO 9001. Documentation of policies and procedures according to ISO 9001 standard.

MBS

2004

Study for development of Science Institutes in Croatia

The BPR - GLOCKOM' team has made an analysis of the Science Institutes' work in R.Croatia  with reengineering of the working processes and proposal for new model of organization for Ruger Boskovic–Zagreb and  Brodarski Institute–Split trough:  - analysis of the current situation in the science institutes;  
-comparison with successful world experiences;           
-defining a process model;                                              
-plan for implementation of the new organizational model
-recommendations for current improvement of the work                         

World Bank and Ministry of science in R. Croatia

2004 - 2005

SWEB

Increasing the efficiency of public services by using mobile technologies focusing on the security of the transactions. T&P is a technological partner of City of Skopje and partner in consortium.

EC FP6/Skopje

2006 -2008

ELSA Conference - Information Security Training

On the conference " Legal challenges in cyber environment" organized by the student organization ELSA, T&P Consulting  organized short trainings for information security on theme:

• Defining and explaining the meaning of  the notion information and basic types of information
• Security and internet security
• Most common treats of information security
• System for information security
• Standards and recommendations for information security on internet

ELSA

2008

BSI Training for work continuity and information security management

Training for work continuity and information security management systems, organized by BSI on the event „BSI Communication“ in Novi Sad.

BSI

2007

Strategic workshop for ISMS in Macedonian Bank

Strategic workshop for introducing the management team with business continuity plan and information security.

Macedonian Bank

2006

BSI 7799 training

Organization and realization of BSI 7799 basic training and training for auditors.

Participants from ICT centers and civil service

2005

MASIT-  Introduction to ICT services management system

MASIT - organization of IT firms, organized a session on which T&P Consulting presented the IT service management concept. Theme: „Is “ISO/IEC  20000 IT Service Management System”  applicable in our 'firms"

MASIT

2009

МT Service Level Agreement Training (SLA)

Training for the MT management team with aim to increase the awareness of the need for using contracts for defining the level of service quality offered.

Macedonian Communication

2002

PIOM IT Strategy

Evaluation of IT current infrastructure, comparison with progressive world systems for pension funds' support.  IT Strategic Plan was proposed as a support of the current Strategic plan for PIOM' reform.

World Bank / Government of Republic of Macedonia

2003

Development of training modules for civil servants – Managing for Quality

The project funded by DFID was aimed at developing, organizing and delivering a training program for middle level managers in the public administration. The entire program was split into logical modules covering a specific topic. Trajkovski & Partners got the module for Managing for Quality. The delivery of the training modules was done over a period of 6-9 months, module after module. 

DIFID   / Agency of civil servants

2003-2004

Concept and strategy of strategically integrated information system of Ministry of labor and social policy

Define strategy for modernization and action plan for first year ICT projects.
Analyses of the current processes, BPR of the business processes, IT concept with functions and data and plan for implementation of priority projects.
Realization of information system for Market Inspection focusing on electronic document management system.

Ministry of labor and social policy / Market Inspection

1997

Prepaparation of National Project Management Methodology for developing Informational Systems and providing quality system

 The methodology is recommended for realization of IT projects financed by the budget of R.Macedonia. It describes life cycle in realization of the IT project by phases and segments, it defines activities and results, it gives documentation pattern, it defines project control book and has a special part for project organization and managing quality. The methodology was based on PMI Institute methodology.

Ministry of science, all government and state institutions

1996