An information security management system (ISMS) is a systematic approach to managing confidential or sensitive company information so that it remains secure, which means it stays confidential, uncorrupted (its integrity is preserved) and available to those who need it. It encompasses people, processes and IT systems, not just technology. The approach recommended by many national standards institutions and certification bodies is to align your ISMS to ISO 27001, the internationally recognised information security management standard. (Take a look at Nine Steps to Success – An ISO 27001 Implementation Overview.)

The core steps are:

1. Assemble your team, and identify your objectives and the scope of the ISMS. (Read how in Selling Information Security to the Board – A Primer.)
2. Identify the controls required for your contractual, business and regulatory purposes.
3. Conduct a risk assessment to identify any additional controls necessary. (Make things easier with vsRisk Standalone – Basic.)

What is absolutely essential is to use suitably competent and trained personnel to implement and manage your ISMS: either consultants or internal staff with appropriate levels of training. (Train your team with industry-recognised training.)