This article proposes a technique that establishes the procedure for evaluating the level of efficiency of the information security department (an employee performing information security functions). The technique uses performance evaluation criteria based on the apparatus of fuzzy logic, the composition of fuzzy relations. The technique describes the procedure for evaluating the effectiveness of the information security department (information security officer) during audits in the area of "Organization and state of work on information protection", self-assessment of the effectiveness of work. The method of assessing the level of efficiency consists in presenting with the help of a set of measurements (both at the quantitative and qualitative level) the features collected to build a classification of the effectiveness of the information security department (information security officer). Based on a set of measurements of signs, the decision-maker must determine (classify) the effectiveness of work using the criteria for assessing the quality of their work. In the future, the methodology can be expanded for additional purposes of predicting the level of security of informatization objects.