The objective of the ISMS Framework is to identify the boundaries for the Information Security Management System (ISMS) and detail the security structure in place to manage and control the ISMS for the Company. It establishes the requirements for developing an information security management framework that will form the basis for aligning the Company's service offering with the requirements for attaining certification against ISO 27001.
An information security management system provides an organization with a comprehensive strategy for defining its tactical security solutions in relation to a specific service offering. Its aim is to define the characteristics of the service offering, the organization, its location, assets and technology. A key part of the ISMS is the development of the Statement of Applicability (SOA), which defines the controls selected from ISO 27001 for the purposes of managing risks identified as part of the risk assessment process.
1.1 PROCEDURE OWNER
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
3. INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS)
3.2 BUSINESS CHARACTERISTICS
3.3 ORGANIZATIONAL CHARACTERISTICS
4. ISMS PROCEDURE
5. ISMS MANAGEMENT
6. ISMS IMPROVEMENT
8. FINAL CONSIDERATIONS
8.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
8.2 DOCUMENT REVISION
The Mobile Computing Policy addresses the actions that must be taken by the Company’s personnel who have mobile computing equipment, or who are temporarily using mobile computing equipment.