What is an Information Security Management System (ISMS)?

Understanding information security management for those new to the subject

Are you thinking about improving your information security posture? Have you been advised to do so by a switched-on customer in order to win or retain their business? Perhaps you’re confused by jargon like ISMS or ISO 27001, or by the choice between compliance and certification?

If you’re wondering how this all fits together or what you should do first for improved information assurance, let’s start from the beginning…

What is an Information Security Management System (ISMS)?

An Information Security Management System describes and demonstrates your organisation’s approach to Information Security.

It includes how people, policies, controls and systems identify, then address the opportunities and threats revolving around valuable information and related assets.

Cyber security addresses technology-led threats. Effective cyber security solutions are one part of the broader ISMS, alongside the people, process and physical controls that protect information wherever it is held.


There are many good reasons to invest in an ISMS

The facts about information security consequences speak for themselves…


The average cost of a security breach is £1.46m – £3.14m to a large organisation, and £75k – £311k to a small business.

Organisations face fines of up to 4% of global annual turnover (or €20 million, whichever is greater) for serious breaches of the EU GDPR, which applies from May 2018.

Suppliers that cannot show effective information security credentials will not get past basic customer evaluation criteria, so there is little chance to grow the business.

Cost figures are taken from the HM Government Information Security Breaches Survey 2015 and a range of other recent reports on the subject.


However, when done well, an ISMS will help your organisation improve and grow, delivering a substantial return on the investment.

Find out more about the return on investment from an ISMS and all the benefits from better information security assurance with our business case planning resources here.

What’s included in an ISMS?


An effective Information Security Management System is made up of 7 elements, as shown in our pie chart.

The real size of each slice, in terms of time and cost, depends on your objectives, your starting point, the scope you want to include in your ISMS, and your organisation’s preferred way of working.

Investing well in one slice will reduce or avoid much larger investments in the others. But beware the pitfalls: buying a cheap set of template policy documents that nobody reads or follows will cost you much more in the long run, because an auditor, a customer or an attacker will quickly find the gap between what is written down and what is actually done.


A trusted ISMS will follow recognised standards

There are different levels of information security, physical security and cyber security maturity, and different standards you can achieve to evidence compliance. Which standard applies may be dictated by the nature of your business, its goals or your customers’ expectations. Regulatory requirements also shape the approach: growing privacy and data protection obligations under the GDPR, the Data Protection Act and their international equivalents all push for improved security practice, and most of them draw on ISO 27001 for their foundations. Whatever your requirements, there is almost certainly a proven framework you can follow and your stakeholders can trust.


How to implement an ISMS

Now that you have a better understanding of what an ISMS is and have considered what you should do, you will be thinking about how to do it. Whether you take a DIY approach or bring in others to help, all 7 pieces of the pie will need investment for the ISMS to succeed.


Why consider our powerful ISMS cloud software?

Your focus will be on growing your business, not on spending time developing the tools and technology to manage an ISMS. The opportunity cost of losing that focus and time can be expensive.

There were no attractive solutions when we started out on the road to managing information security, and that is why we built ISMS.online. Now you can benefit too. We equip you for ISMS success online at a fraction of the cost and time of the alternatives, or of building it yourself.


We make it simple

It’s easy to build and manage your ISMS using our software. ISMS.online brings everything you need for success into one secure online environment.


ISMS.online capabilities include:

1. A simple-to-use ISMS, all in one secure online environment, that makes management easier, faster and more effective

2. An “Adopt, Adapt, Add” approach to actionable ISO 27001 policies and controls, so you can easily describe and demonstrate your ISMS

3. Simple, effective engagement and awareness for your staff that complements existing ways of working

4. Integrated management of the supply chain to demonstrate end-to-end assurance and integrity

5. A Virtual Coach service to give you confidence in your ISMS


Take a walk in your customers’ shoes

Which supplier’s approach to information security would you choose to protect your valuable information?

Whilst achieving level 5, a UKAS-accredited ISO 27001 certification, costs slightly more initially, the return on that investment is much higher. You will be better protected from threats that could destroy your business, and prospective customers are far more likely to embrace your services. The investment is a fraction of the value of the business you win and retain, or of the cost of paying out after a data breach.


Now discover how to achieve ISO 27001 the fast and simple way
