The objective of the ISMS Framework is to identify the boundaries of the Information Security Management System (ISMS) and to detail the security structure in place to manage and control the ISMS for the Company. It establishes the requirements for developing an information security management framework that will form the basis for aligning the Company's service offering with the requirements for attaining certification against ISO 27001.
An information security management system provides an organization with a comprehensive strategy for defining its tactical security solutions in relation to a specific service offering. Its aim is to define the characteristics of the service offering, the organization, its location, assets and technology. A key part of the ISMS is the development of the Statement of Applicability (SOA), which defines the controls selected from ISO 27001 for the purposes of managing risks identified as part of the risk assessment process.
CONTENT
1. OVERVIEW
1.1 PROCEDURE OWNER
1.2 CLASSIFICATION
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.5 OBJECTIVES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
3. INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS)
3.1 INTRODUCTION
3.2 BUSINESS CHARACTERISTICS
3.3 ORGANIZATIONAL CHARACTERISTICS
3.4 ASSETS
4. ISMS PROCEDURE
4.1 PLANNING
4.2 DOING
4.3 CHECKING
4.4 ACTING
5. ISMS MANAGEMENT
6. ISMS IMPROVEMENT
7. EXCEPTIONS
8. FINAL CONSIDERATIONS
8.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
8.2 DOCUMENT REVISION
Pages: 11