Implementing an Information Security Management System

There are key steps that every company implementing an Information Security Management System will need to consider:

Purchase the Standard
Before you can begin preparing for your application, you will require a copy of the standard. You should read this and make yourself familiar with it.

Consider Training
There are training courses available to help you implement and assess your Information Security Management System.

Assemble a team and agree your strategy
You should begin the entire implementation process by preparing your organizational strategy with top management. At this stage you should determine the Scope of your Registration: whether the system will be adopted company-wide or by one or more departments.

Review Consultancy Options
You can receive advice from independent consultants on how best to implement your information security management system.

Undertake a Risk Assessment
During this phase you should undertake a review of all potential security breaches. This should not relate solely to IT systems, but should encompass all sensitive information within your organization.

Develop a Policy Document
This will demonstrate management support and commitment to the Information Security Management System process.

Develop Supporting Literature
Put together a Statement of Applicability and Procedures to support your security policy. This will cover a range of areas including asset classification and control, personal security, physical and environmental security and business continuity management.

Choose a registrar
The registrar is the 3rd party, like BSI, who come and assess the effectiveness of your information security management system, and issue a certificate if it meets the requirements of the standard. Choosing a registrar can be a complex issue as there are so many operating in the market. Factors to consider include industry experience, geographic coverage, price and service level offered. The key is to find the registrar who can best meet your requirements. A great place to start is by contacting us.

Implement your Information Security Management System
The key to implementation is communication and training. During the implementation phase everyone begins operating to the procedures of the management system.

Gain registration
You should arrange your initial assessment with your registrar. At this point the registrar will review your Information Security Management System and determine whether you should be recommended for registration.

Continual assessment
Once you have received registration and been awarded your certificate, you can begin to advertise your success and promote your business. Your ISMS will be periodically checked by your registrar to ensure that it continues to meet the requirements of the standard.
BSI Management Systems HQ - Asia, 19/F AIA Plaza, 18 Hysan Avenue, Causeway Bay, Hong Kong. Tel: +852 2147 9891. © 2006 BSI.