When we talk about ISMS we have to think about two key success factors:
- You need the right expectations. An ISMS is not an IT topic! The ISMS topic usually ends up in the IT department very quickly, but it does not belong there. In fact, at the beginning of the ISMS implementation we deal with issues such as document control, roles and responsibilities, defining security goals, and so on. Why does the ISMS end up in the IT department? Because many of the security measures that result at the end of the ISMS process are IT measures, and naturally those IT measures must be implemented by IT.
- You need the will to change. You want to implement an ISMS, but nothing should change? This will not work! The ISMS intervenes in existing processes, and these processes very often have to be adapted. Likewise, new processes must be created and implemented. In effect, an ISMS implementation is an exercise in organizational development.
Why are companies struggling with the definition of the ISO / IEC 27001 scope?
What can go wrong, will go wrong when defining the scope. And what does all of this have to do with the GDPR? If you want to know how to do it right and at the same time support your business model, then read on here (on LinkedIn, in German).
Why are companies building ISMS silos?
By ignoring essential activities in the ISMS implementation process, an ISMS often ends up as a silo: too much has been invested to simply drop the ISMS as a whole, and at the same time it is kept as far away from the actual business processes as possible so that it does not get in the way. Prevent this from happening and do it better, as described here (on LinkedIn, in German).
Why are companies struggling with the confidentiality classes?
Don’t fall into this pit. Make it easier for your employees to deal with the confidentiality classes and read on how to do that, here (on LinkedIn, in German).
More tips for the ISO 27001 implementation
In addition to information security process consulting, you will gain access to 150+ technical security consultants from the SEC Consult team, assisting you with the implementation of technical security measures, such as:
- Development of Security Strategies / Cyber Security Strategy
- Gap analysis to ISO/IEC 27001
- Construction and implementation of information security governance
- Setup and implementation of Information Security Risk Management
- Planning and execution of asset criticality assessments, information security risk assessments and information security risk treatments
- Creation of Information Security Policies and Standards
- Planning and implementation of information security awareness training
- Information Security Compliance on special topics such as requirements of ISA VDA / TISAX or ECB / FMA
- Rent a CISO