ISMS Framework

The objective of the ISMS Framework is to identify the boundaries for the Information Security Management System (ISMS) and detail the security structure in place to manage and control the ISMS for the Company. It establishes the requirements for developing an information security management framework that will form the basis of aligning the Company service offering with the requirements of attaining certification against ISO 27001.

An information security management system provides an organization with a comprehensive strategy for defining its tactical security solutions in relation to a specific service offering. Its aim is to define the characteristics of the service offering, the organization, its location, assets and technology. A key part of the ISMS is the development of the Statement of Applicability (SOA), which defines the controls selected from ISO 27001 for the purposes of managing risks identified as part of the risk assessment process.

CONTENT

1. OVERVIEW
1.1 PROCEDURE OWNER
1.2 CLASSIFICATION
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.5 OBJECTIVES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
3. INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS)
3.1 INTRODUCTION
3.2 BUSINESS CHARACTERISTICS
3.3 ORGANIZATIONAL CHARACTERISTICS
3.4 ASSETS
4. ISMS PROCEDURE
4.1 PLANNING
4.2 DOING
4.3 CHECKING
4.4 ACTING
5. ISMS MANAGEMENT
6. ISMS IMPROVEMENT
7. EXCEPTIONS
8. FINAL CONSIDERATIONS
8.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
8.2 DOCUMENT REVISION

Pages: 11
