CHAPTER 3: ISMS INITIATION

The first concrete steps in initiating the information security management system (ISMS) are to determine which continual improvement methodology to use and to put a document structure in place.

Continual improvement

ISO 27001 recognizes that a ‘process approach’ is the most effective method for managing information security. The Standard is open to the deployment of any continual improvement approach, and organizations that already use, for instance, the ITIL® 7 Step Continual Service Improvement approach, the COBIT® Continual Improvement Life Cycle, or any other approach that may be appropriate in the organization’s context can be certified. One of the most widely known and widely used approaches in the management ...
