ISMS Business Case Builder – Whether to Build or Buy the Technology Part of the ISMS

Book a demo

What are the technology options for the ISMS?

Broadly speaking there are 5 ‘build or buy’ options for the solution and these are:

  1. Build your own no-tech paper-based solution
  2. Build your own low-tech solution – Email, sheets, docs, shared folders (personal & basic sharing tools)
  3. Build (or commission) your own hi-tech specialist software technology solution
  4. Buy off the shelf professional standalone applications to do specific ISMS jobs
  5.  Buy off the shelf professional all in one place ISMS

It’s pretty obvious from what ISMS.online offers that we would recommend option 5 – but the other paths all have Pros and Cons which we’ve summarised below.

An image of a stack of cards with question marks printed on them.
Build your business case for an ISMS
Download our free white paper
fa-bolt

An ISMS delivers a positive return on investment. The goal of our whitepaper is to show you why, what, and how you can get RoI from an ISMS that fits the business needs.

1. Build your own no-tech paper-based solution

Pros

  • Avoids most cyber and digital oriented risks

Cons

  • Does not meet 10 characteristics so may fail on powerful stakeholder expectations
  • Unlikely to be something anyone seriously considers even within the most sensitive of workplaces
  • Will likely cost large amounts to maintain and demonstrate compliance against

2. Build your own low-tech solution – Email, sheets, docs, shared folders (personal & basic sharing tools)

  • Perceived as free or low cost
  • Will be unable to easily meet the scope of all jobs to get done
  • Does not meet 10 characteristics so may fail on powerful stakeholder expectations
  • Time required to understand, design, architect, implement and maintain the ISMS structure for all users of it
  • Higher total cost over life than off the shelf solutions when considering all jobs to get done
  • Reliance on the person/s who built it to keep it organised and updated as standards change
  • Unlikely to be a core competence of the organisation to build an ISMS

3. Build (or commission) your own hi-tech specialist software technology solution

  • Built to exactly what you want to achieve and the way you want to work
  • Great if you have very sensitive information management constraints and working practices that other off the shelf solutions are unable to address
  • Likely to cost significantly more and take much longer than solutions already in the market in order to meet 10 characteristics
  • May distract from core competences and cause significant opportunity costs in other parts of the organisation if using limited resources
  • May mean inability to meet compelling events or deadlines for achieving actual ISMS business goals
  • Cost of maintaining and improving will be much higher than off the shelf solutions as new standards and regulations emerge (developing for one customer not many)

4. Buy off the shelf professional standalone applications to do specific ISMS jobs

  • Use alongside personal and basic sharing tools e.g. documents and spreadsheets
  • Pick and mix best of breed technologies with cheap / perceived free solutions
  • Unlikely to meet 10 characteristics so may fail on powerful stakeholder expectations
  • Cost of security, coordination, search, integration, contracting and maintaining versions are almost certainly outweighed by an all in one place service
  • Enhancements in one application do not mean overall ISMS improvement and could make things harder if a vendor releases new features that exist in the other applications

5. Buy off the shelf all in one place ISMS

  • More likely to meet 10 characteristics and satisfy powerful stakeholders
  • Easy to get going quickly with lower costs of contracting, start up and implementation
  • Use alongside personal and basic sharing tools e.g. documents and spreadsheets
  • Enhancements and new releases to parts of the ISMS also improve the whole system performance
  • All in one packaged solution may not meet the needs of some experts who have a particular way of working (unless custom/bespoke development is undertaken)
fa-bolt
We’re more affordable than you’d think
Get your quote

ISMS.online now supports ISO 42001 - the world's first AI Management System. Click to find out more