Boost your ISO27k ISMS with SecAware Take-off
SecAware ISMS Launchpad comprises a set of templates for the mandatory documentation that every compliant Information Security Management System must have: a basic ISMS strategy, scope, Statement of Applicability, Risk Treatment Plan, information security policy, that sort of thing. If your organisation only needs an ISO/IEC 27001 certificate, this tidy stack of templates forms a stable, compliant platform from which to launch your ISMS. Download Launchpad and get started today!
Hot on its tail, today we announce the next phase of our mission to convince every organisation to manage its information risks properly.
If your organisation sees the value in going a little beyond the bare minimum, SecAware ISMS Take-off takes you to the next stage.
Take-off provides all of these:
The Take-off materials primarily concern management. An ISO27k ISMS is, after all, a management system.
Template #2 "Strategic objectives for information risk and security management" for instance specifies:
- "Enhance and protect the value of information by ensuring adequate confidentiality, integrity and availability"
- "Manage (i.e. identify, evaluate, treat and monitor) information risks cost-effectively and competently"
- ... plus four other key objectives.
It also lays out four non-goals to be crystal clear about what the ISMS is not expected to do (such as destroying value by costing more than it saves). All in all, this neat little single-page template packs a punch and will surely resonate with your executives.
Since there is no explicit requirement in ISO/IEC 27001 for management to document the organisation's strategic objectives, a minimalist ISMS could get by and be certified compliant without one. However, there are substantial business advantages in formulating and stating the objectives.
An ISMS based on both Launchpad and Take-off demonstrates management's commitment to protect information for sound business reasons, not just for the sake of a certificate.