Choose a Registrar:
Once the management system is in place, it is important to become registered to ensure its long-term effectiveness. The registrar is the third party that assesses the effectiveness of the Information Security Management System and issues a certificate if it meets the requirements of the standard.
Choosing a registrar can be a complex process as there are many factors to consider, including:
Geographic coverage - some registrars only cover a small geographic area, others operate all around the world
Industry experience - some registrars will have auditors with experience from all industries, others will only cover a few
Accreditation - some registrars operate without it, some have a few accreditations, others have many. Which do you want, and how important is it to you?
Pricing structure and rates - some registrars charge expenses on top of normal fees, others do not
Develop a Policy Document:
This is the document that demonstrates management support for and commitment to the Information Security Management System process. The policy acts as the project program, consisting of the desired objectives and the means to achieve them.
Develop Supporting Literature:
Consider the security policy and the applicability of the system, and then design the procedures and supporting material for the implementation. This will cover a range of areas including asset classification and controls, personnel security, physical and environmental security and business continuity management. It will act as a tool for training and for better understanding of the system within the organization.
Consider Training:
Training and communication play a vital role in implementing any system and achieving its objectives. All staff must be trained and guided to follow the proper procedures and policies in their daily routine work. There can be different modes of training, designed according to the needs of the system and its procedures. The training modules can be designed by the consultants and delivered to the entire organization.
Promote and Maintain Your Management Systems:
Maintenance is the sign of survival and long-term growth and, like a business, a management system needs to be improved, updated and maintained on a continual basis for effective management.
Continual Assessment:
Once the organization has received registration and been awarded the certificate, it should advertise its success and promote its business. The ISMS will be periodically audited and checked by the registrar (3rd party) to ensure that it continues to meet the requirements of the standard.