Critical success factors
Critical success factors for ISMS
Published under Risk Management
To be effective, the ISMS must:
- have the continuous, unshakeable and visible support and commitment of the organization’s top management;
- be managed centrally, based on a common strategy and policy across the entire organization;
- be an integral part of the overall management of the organization related to and reflecting the organization’s approach to Risk Management, the control objectives and controls and the degree of assurance required;
- have security objectives and activities be based on business objectives and requirements and led by business management;
- undertake only necessary tasks and avoiding over-control and waste of valuable resources;
- fully comply with the organization philosophy and mindset by providing a system that instead of preventing people from doing what they are employed to do, it will enable them to do it in control and demonstrate their fulfilled accountabilities;
- be based on continuous training and awareness of staff and avoid the use of disciplinary measures and “police” or “military” practices;
- be a never ending process;
Establishing an ISMS, involves:
- establishing the necessary Management Framework;
- implementing selected controls;
- documenting the system;
- applying proper documentation control;
- maintaining records demonstrating compliance.
Latest publications
-
Interoperable EU Risk Management ToolboxThis document presents the EU RM toolbox, a solution proposed by ENISA to address interoperability concerns related to the use of information...
-
Interoperable EU Risk Management FrameworkThis report proposes a methodology for assessing the potential interoperability of risk management (RM) frameworks and methodologies and presents...
Browse the Topics