Welcome to NBlog, the NoticeBored blog

I spy with my beady eye ...

3 Sep 2020

NBlog Sept 3 - ISO27001 rocket fuel




We're on a mission to convince every organisation that managing information risks properly is more than just a compliance imperative. It's good for business.

Is your organisation looking to raise its security game? Are managers worried about ransomware, privacy breaches and intellectual property theft, especially now with so many of us working from home? 

What about the business continuity risks as supply chains are stressed to breaking point by COVID-19? Are your suppliers cutting corners on privacy and security, hoping nobody will notice? Are desperate competitors taking advantage of the disruption to undermine your cyber-defences?

Worse still, is management blissfully unaware of the issues, with everyone heads-down, rowing hard, too busy to notice the icebergs dead ahead?

... Or is there a strong drive to secure and exploit information as an integral part of operations? Does being trusted by customers and stakeholders equate to brand value, new and repeat business, opening up strategic opportunities?

This is a great opportunity to
take the first step on your mission!

We have developed a modular approach based on ISO/IEC 27001. An Information Security Management System facilitates the management of information risks, information security controls, governance and assurance arrangements and so forth, 'systematically' i.e. in a structured and coherent way.

Despite being standards, ISO27k acknowledges that each organisation needs to adapt the ISMS according to the business situation and the associated information risks. Within the same general governance structure, the specific requirements vary markedly between organisations and industries. With that in mind, we've developed a suite of materials covering the mandatory requirements for every ISMS, plus add-ons for the discretionary parts. In truth, all of them - even the mandatory ones - are templates, designed to be customised ... and we can even help you with that if you like!

Through SecAware.com, we offer several packages:
  • ISMS Launchpad is a minimalist set of templates for the mandatory documentation that certification auditors are likely to insist upon - the ISMS scope, SOA, RTP and others.  Start here! 
  • ISMS Take-off adds a bundle of management-level documents. An ISO27k ISMS is, after all, a management system. There are template policies, procedures, job descriptions and more, designed to inform and engage management in the ISMS. If you don't yet have the go-ahead, build on the business case and strategy papers to convince the boss. 
  • ISMS Orbit, released this week, provides templates aimed at bringing your information security and related professionals/specialists rapidly up to speed with ISO27k. These are lengthier, more detailed documents on the whole, for example an 85-page FAQ about implementing the standards, and a hyperlinked glossary of over 350 pages (basically a book!). 
  • ISMS Mission bundles all of the above, saving you 30%.
Browse the SecAware website for listings of the modules and a few samples. 

I wrote all the materials hence the whole suite is consistent, reflecting my three decades in the field, using and contributing to the ISO27k standards while working/consulting for all manner of organisations around the world. I'm confident you won't find better quality templates anywhere else ... but if you do, or if you see gaps in our coverage, please let me know. This is a new product and we are already looking to enhance it, before the ink is even dry. On the horizon I see the possibility of further templates supporting the security controls in Annex A - more policies, more procedures, more metrics, awareness content, more advice and guidance ... 

Must dash, lots to do!

No comments:

Post a comment