We all have been in this situation before, been eager and inquisitive to know how far have we reached on our implementation…are we ready to be audited by the auditors…??? Are we comfortable to ask the auditors to take a stroll through our organization…???
Posts Tagged Information Security Management System
The first and foremost task to do after your certification process is to mitigate all non-conformities/non–compliances that were identified during your certification audit. This must be completed before your surveillance audit is due. Auditors will not be happy to see any of their findings to re-appear again in the following audits. If any of your policy or procedure documents require to be updated, ensure that you document these changes (version control within the documnet), get these document reviewed, approved by management and circulated to authoirzed people.
Reasons to avoid change
Apr 4
Some reasons that is commonly given by organization members to avoid change in the process.
1. Nothing has happened for the past X years. What is going to happen now and why do you want all these security
2. How is the organization benefited out of implementing information security practices…??? How much will be the profit…???
ISMS Implementation Guide is one of my first white papers which was written out of my personal experience in implementing Information Security practices in an organization using the BS ISO/IEC 17799:2005 framework. This paper is intended to give an insight and help, those who are implementing this for the first time and for those who will be coordinating with external consultants for ISMS implementations in their organizations.
Please download the document here:
ISMS Implementation Guide
Objective:
It is always a good practice to identify the risks involved in any implementation process. This is pertaining to the ISMS implementation and I have highlighted 6 points that is critical to this subject. These are based out of my experience and if there is anything more, please feel free to share it with the community.