Critical success factors

Critical success factors for ISMS

Published under Risk Management

To be effective, the ISMS must:

  • have the continuous, unshakeable and visible support and commitment of the organization’s top management;
  • be managed centrally, based on a common strategy and policy across the entire organization;
  • be an integral part of the overall management of the organization, related to and reflecting the organization’s approach to Risk Management, the control objectives and controls, and the degree of assurance required;
  • have security objectives and activities that are based on business objectives and requirements and led by business management;
  • undertake only necessary tasks, avoiding over-control and waste of valuable resources;
  • fully comply with the organization’s philosophy and mindset by providing a system that, instead of preventing people from doing what they are employed to do, enables them to do it in control and to demonstrate their fulfilled accountabilities;
  • be based on continuous training and awareness of staff and avoid the use of disciplinary measures and “police” or “military” practices;
  • be a never-ending process.

Establishing an ISMS involves:

  • establishing the necessary Management Framework;
  • implementing selected controls;
  • documenting the system;
  • applying proper documentation control;
  • maintaining records demonstrating compliance.