Critical success factors

Critical success factors for ISMS

Published under Risk Management

To be effective, the ISMS must:

  • have the continuous, unshakeable and visible support and commitment of the organization’s top management;
  • be managed centrally, based on a common strategy and policy across the entire organization;
  • be an integral part of the overall management of the organization, related to and reflecting the organization’s approach to Risk Management, the control objectives and controls, and the degree of assurance required;
  • have security objectives and activities that are based on business objectives and requirements and led by business management;
  • undertake only necessary tasks, avoiding over-control and waste of valuable resources;
  • fully comply with the organization’s philosophy and mindset by providing a system that, instead of preventing people from doing what they are employed to do, enables them to do it in control and demonstrate their fulfilled accountabilities;
  • be based on continuous training and awareness of staff and avoid the use of disciplinary measures and “police” or “military” practices;
  • be a never-ending process.

Establishing an ISMS involves:

  • establishing the necessary Management Framework;
  • implementing selected controls;
  • documenting the system;
  • applying proper documentation control;
  • maintaining records demonstrating compliance.
