Our agile journey towards a fancy ISMS - Part 4
By Daisy Rasing-de Joode / aug 2016 / 1 Min
We, Avisi, have started an agile journey. A journey with one destination: a fancy ISMS for Avisi. I gladly take you along on our trip, by blogging about the adventures we've been through. So fasten your seatbelt securely, we will travel through a roadmap to remember.
ISMS stands for Information Security Management System. Its purpose is to offer a solid foundation consisting of the organization's main policies (I prefer to call them principles rather than policies) when it comes to securing information.
These principles are extracted from the business philosophy and business processes. The next step is to verify measures that correspond with both the principles and the daily workflows. It is important to use a bottom-up method in determining measures, because full acceptance starts with the belief and approval of employees. Furthermore, a good ISMS is not a 'system' in the traditional meaning of the word, with input leading to output. No, it's more like a cycle, a never-ending story of improving the security of an important company asset: information.
Information security is and will remain a hot topic, since cyber attacks increase and become more and more sophisticated. We live in an era where everyone and everything is online. The Internet is a world full of hidden treasures, so why not try to obtain a treasure to use to our own advantage? Think about companies storing their critical business information online. Devices which contain sensitive information about your behaviour are online. You and I store personal information online. Privacy-sensitive information, such as bank accounts, passwords, and social security numbers, is stored in databases all over the world.
At Avisi, we take information security very seriously and we know that - at this very moment - our data and our customers' data are transferred and kept as safely as possible. But how do we ensure that others know this as well? On the other hand, we are ready for the next level in professionalizing our company, which provides us with more structure, control, and continuous improvement. Since security awareness keeps on growing, I also believe that within a couple of years, having a proven effective ISMS will be a deciding factor in gaining new contracts. We know we take proper care of our assets, so now it's time to make this more explicit by building and implementing an ISMS together. Thus, our time is now - or actually two months ago - to evaluate and refine our security measures in a way that's proven, standardized, and internationally accepted.
Along our way in discovering our wishes and goals, we decided to use the structure provided by the ISO standards for information security (ISO27001 and ISO27002). The difference between the two standards is that you can get certified for ISO27001, which contains the requirements we have to live up to, while ISO27002 provides an elaboration of ISO27001, containing best practices. In our journey, we use ISO27002 as our guide. Our main goal is to implement a fancy ISMS which fits our company and every person in it best. When that is completed, we have a second goal which we see as a logical next step and as the crown on our achievement: to obtain the ISO27001 certificate. But before we're at that point, I'll show you what places we have been to in discovering our goals.
The distance we have traveled so far is a learning experience. I have some tips for you, derived from the difficulties I have encountered:
OK, now we have come to the end of the first part. Did this first stop on our agile journey make you hungry for more, or would you like to share your story with me? Please keep up with this blog or feel free to contact me. I would be happy to talk to you.
Until next time!
This is part 1 of the series.