CHAPTER 3: ISMS INITIATION
The first concrete steps in initiating the ISMS are to determine which continual improvement methodology to use and to put a document structure in place.
Continual improvement
ISO 27001 recognises that a ‘process approach’ is the most effective method for managing information security. The Standard is open to the deployment of any continual improvement approach and allows for organisations that already use, for instance, the ITIL Continual Service Improvement approach, the COBIT life cycle or any other method that is appropriate in the organisation’s context. One of the most widely known approaches in the management system world is the ‘Plan–Do–Check–Act’ (PDCA) model, which will be familiar to quality and business ...
Get Nine Steps to Success - An ISO 27001:2022 Implementation Overview now with the O’Reilly learning platform.