|Author||Jef Meijvis||Publish date||18/09/2023|
|Title||Maintaining an ISMS||Id||19|
|Source||019-ISMS.md||Render timestamp||Dec 06, 2023, 06:08:31 AM (GMT+1)|
An Information Security Management System (or ISMS) comprises a structured set of policies and procedures aimed at the systematic management of an organization's sensitive data. Its primary objective is to mitigate risks and guarantee uninterrupted business operations by proactively minimizing the consequences of a security breach.
Image: An ISMS contains procedures and data
When you want to adhere to a specific standard or framework, such as ISO27001 or NIST, an ISMS is a required component! It allows the organization to store, maintain and update the needed documents, data and policies.
In the case of ISO27001:2022, you might want to collect all the resources for every specific control in a tree-like structure:
There are a lot of different ways to store and maintain your ISMS. Depending on the scope, size, contributors and your company's goal, some solutions might be a better fit than others.
A simple folder structure, possibly shared over the network, might be a quick solution, especially when your company already has such a system in place.
Image: An example file structure on a shared network drive
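An added example (not from the original post): one way to build the per-control tree described above as a plain folder structure and to list the controls that still have no documents. The folder naming is an assumption; the theme names and control counts follow ISO/IEC 27001:2022 Annex A.

```python
"""Added example: scaffold and audit an ISMS folder tree (folder layout is an assumption)."""
import tempfile
from pathlib import Path

# ISO/IEC 27001:2022 Annex A: four themes and the number of controls in each.
ANNEX_A_THEMES = {
    5: ("Organizational controls", 37),
    6: ("People controls", 8),
    7: ("Physical controls", 14),
    8: ("Technological controls", 34),
}


def control_ids():
    """Return every Annex A control id, 'A.5.1' through 'A.8.34'."""
    return [f"A.{clause}.{n}"
            for clause, (_, count) in ANNEX_A_THEMES.items()
            for n in range(1, count + 1)]


def scaffold(root):
    """Create <root>/<theme>/<control id>/ for every control; safe to re-run."""
    root = Path(root)
    for clause, (theme, count) in ANNEX_A_THEMES.items():
        for n in range(1, count + 1):
            folder = root / f"A.{clause} {theme}" / f"A.{clause}.{n}"
            folder.mkdir(parents=True, exist_ok=True)
    return root


def controls_without_evidence(root):
    """List control ids whose folder holds no files (hidden files are ignored)."""
    missing = []
    for folder in sorted(Path(root).glob("A.* */A.*.*")):
        if not folder.is_dir():
            continue
        has_file = any(p.is_file() and not p.name.startswith(".")
                       for p in folder.rglob("*"))
        if not has_file:
            missing.append(folder.name)
    return missing


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        isms = scaffold(tmp)
        # Constructed sample document for a single control.
        (isms / "A.5 Organizational controls" / "A.5.1" / "policy.md").write_text("draft")
        gaps = controls_without_evidence(isms)
        print(f"{len(control_ids())} controls, {len(gaps)} without documents")
```

Pointing `scaffold` at a shared drive path instead of a temporary directory gives the same layout there, and re-running it leaves existing documents untouched.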
Similar to a folder structure on your OS, Google Drive offers the ability to create a shared folder structure.
With most companies embracing a hybrid working environment, communication and collaboration platforms such as Microsoft Teams are commonplace in the modern working environment. Microsoft Teams allows for the creation of channels and teams, with file structures attached.
Image: Microsoft Teams
Companies that make use of the Atlassian software stack might prefer Confluence to store their documentation in its wiki-like environment.
Specialized compliance tools such as ISMS.Online or Proactivecompliancetool offer a paid but smoother and more integrated experience. Their integrated document management systems, with added comment and tracking features, provide an easier experience than the more manual approaches described above.
Depending on the existing tools that are present in the company, some options might offer an easy way to start managing your ISMS. Companies looking for a more streamlined experience can look towards specialized compliance software.