Today I think I’m turning Japanese...I really think so! (for those too young to remember and those who would like to reminisce....The Vapors - 1980).
Why? Because I’m contemplating Kaizen, its application to information security and how it can used to improve your ISMS.
Kaizen, for those of you not familiar with it, is the Japanese word for ‘improvement”. It is recognised in business as the practice of continual improvement. Its successful implementation relies on a culture of learning that encourages the participation of everyone across the entire organisation. It encourages people to think about the processes they are undertaking and how they can be improved.
A Kaizen philosophy in an organisation has far reaching benefits and it is no surprise that the information security standard, ISO 27001:2013, incorporates continuous improvement within its requirements.
Applying Kaizen to one of the biggest business threats of our digital age makes good sense.
Why? Because a successful information security strategy relies on:
Culture - unless it comes from the top it’s unlikely to come at all. Thankfully, not before time, information security is a topic making its way onto the boardroom agenda.
Considering cyber security in isolation risks making it the sole responsibility of the IT department. Considering the risks to information security, both that of customers and internal information, places cyber security as just one element of a subject which touches all departments and staff.
A culture which recognises the potential impact on business continuity and considers information security within all processes, continually learning and striving to improve, is one that will be well placed to meet the constantly changing digital and risk landscape.
Staff engagement - From CEO to office cleaner, education and communication are a given. However, rather than dull directives, Kaizen promotes participation in the process of continual improvement and this, in turn, leads to engagement and ultimately to a lower likelihood of a breach occurring.
Measurement, improvement and evaluation - a crucial element of ISO 27001 and any good ISMS because, if we can’t measure the success or failure of our processes against our given objectives then we can’t know where or how to improve. Without accurate evaluation, based on facts, sound decisions can not be made.
The struggle for many organisations will be how to implement an information security strategy that becomes embedded in their culture, with a plan and practical processes that don’t require a huge investment in management resource.
That's where a business tool, with the basic principles of Kaizen at it's core, will help.
ISMS.Online provides all the tools that allow you to manage risk, track incidents, corrective actions and improvements, and to measure and report against given objectives. It offers a project approach, where you can define responsibilities and encourage staff engagement through collaborative functionality including discussions, tasking and alerting.
ISMS.Online is a proven and accredited cloud software solution that provides one place for managing your total ISMS, from procedures and policies right through to human resource and supply chain security.
With the ability to handle multiple compliance regimes, including ISO 27001, PCI DSS, Cyber Essentials and PSN Code of Conduct, it minimizes the inevitable duplication and repetitive processes associated with complex information security management systems.
No one-hit wonder, ISMS.Online is a cost effective solution to information security management, the Kaizen way.