CHAPTER 3: ISMS INITIATION
The first concrete steps in initiating the ISMS are to determine which continual improvement methodology to use and to put a document structure in place.
ISO 27001 recognises that a ‘process approach’ is the most effective method for managing information security. The Standard is open to the deployment of any continual improvement approach and allows organisations that already use, for instance, the ITIL® 7 Step Continual Service Improvement approach, the COBIT® Continual Improvement Life Cycle or any other approach appropriate to the organisation’s context to be certified. One of the most widely known and widely used approaches in the management system world is the ‘Plan-Do-Check-Act’ ...