An ISMS (information security management system) should be an essential part of any organisation’s information security practices. It consists of a set of policies, procedures and controls that manage risks to your information, whether from cyber attacks, hacking, data leaks, theft or accidental loss. It can be applied to the entire organisation or to a specific area or department.
ISO 27001 sets out the requirements for an ISMS and describes best practices for running one. Certifying to the Standard demonstrates to customers, regulators and partners that your organisation selects, implements and maintains its security measures through a documented, risk-based process that is independently audited; it does not by itself guarantee that every control is as effective as possible, which is why the Standard requires ongoing measurement, review and improvement.
How to implement an ISMS
Implementing an ISO 27001-compliant ISMS consists of the following key stages (in practice they are iterative rather than strictly sequential, as findings from later stages feed back into earlier ones):
- Scope the project.
- Get board commitment and secure budget.
- Identify interested parties, and legal, regulatory and contractual requirements.
- Conduct a risk assessment.
- Select and implement the required controls, recording which controls apply (and why any are excluded) in a Statement of Applicability.
- Develop internal competence.
- Develop management system documentation.
- Conduct staff awareness training.
- Measure, monitor, review and audit the ISMS.
Achieving and maintaining accredited certification to ISO 27001 can be challenging, especially if you are new to the Standard. Our cost-effective ISO 27001 Expertise Bundle gives you a comprehensive understanding of the Standard’s requirements and best practices, and provides expert guidance on starting your implementation project.
The bundle includes:
- An expert guide to help you get to grips with the Standard and make your ISO 27001 implementation project a success;
- A must-have guide for presenting the compelling business case for ISO 27001 investment;
- A pocket guide to understand the possible breach scenarios your organisation could face, and the true costs involved; and
- An indispensable book to equip you with the sales skills you need to persuade the board to invest in information security.