BS 7799/ISO 17799
Re: ISMS implementation
Sep 28 2006 01:50PM
scott erkonen hotskills-inc com
A full "implementation" actually consists of various phases that all come together.
These typically consist of:
1) Readiness Assessment
2) ISMS Development
3) ISMS Implementation
4) ISMS Certification
If you want to specifically target #3, then you are looking at making sure that you have a good domain definition, risk assessment against that domain, and are prepared to deploy the ISMS throughout your scope or organization.
Most times, people confuse ISMS implementation with ISMS development. The real "heavy lifting" comes during the development phases where you actually define and build the ISMS. The "political", or organizational change, challenges can come into play during the implementation phase.
The most effective ISMS programs have a scope that is manageable for certification, but has organizational impact through the program itself.
I've been down the road of leading a successful certification for the organization that I worked for, so this is a valid, proven approach.
Hope this helps some.
Copyright 2010, SecurityFocus