Information Security Management System

This information security management system (ISMS) framework is developed to reduce the setup time for your security program. This bundle contains the following set of documents, which are necessary to satisfy the requirements of the ISO27001 standard:

  • Certification Guide

  • ISMS Framework

  • SoA [Template]

  • Org. of InfoSec [Template]

  • Performance Evaluation

  • Policy Exceptions

  • Security Awareness

Statement of Applicability

A template for capturing the Statement of Applicability (SoA) of your ISO/IEC 27001 Annex A, along with the reasons for selecting or not selecting the controls stated within the standard. SoA is a mandatory document within your ISMS framework. It includes:

  • Control statement

  • Applicability

  • Implementation status

  • Reasons for inclusion or exclusion

Policy Exceptions

Once the policies are set, there needs to be a mechanism to deal with exception scenarios arising from the day-to-day security operations. The 'exception to policy' document provides a method to document such exceptions and the associated risks. Topics covered under this document are:

  • Applicable risks

  • Exception documentation

  • Approvals to exceptions

  • Exception to Policy Template

Security Awareness

Since humans are the weakest link in security, awareness training is never enough. The training materials included here are tailored to the needs of most organizations. Some of the sample topics are:

  • Information security overview

  • Classification and handling

  • Responsibilities of staff

  • BYOD policy

  • Physical security policy

  • Clear desk policy

  • Protection from malware

  • Security incidents

ISMS Certification Guide

The ISMS certification guide explains the high-level steps to be followed from project kick-off to certification. It explains:

  • Certification Overview

  • Establishing an ISMS org.

  • ISMS Framework

  • Security Risk Management

  • External Audits

  • SoA

Security Organization

The 'organization of information security' document defines various roles that are needed to operate an information security program, and their responsibilities. Some of the significant roles defined within this document are:

  • Chief Executive Officer

  • CISO

  • Information Security Manager

  • Security Risk Manager

  • Security Operations Manager

Performance Evaluation

It is important to set the right objectives for your ISMS program that are aligned to the business strategy of the organization. The performance evaluation template will allow you to monitor these Information Security Management System (ISMS) objectives.