An Introduction To
Improving the ISMS

Current thinking in certification bodies is that there should be strong 'continuous improvement' for all standards that are certified. To achieve this, the organisation will review the management system with a view to continuous improvement, and discuss:

· how security activities are performing (in particular whether any activities are not performing as expected);
· the effectiveness of system controls and policy;
· the level of risk to the organisation, based on changes to technology, business objectives and processes, and potential security threats;
· the scope of the ISMS and whether it requires changing;
· possible improvements to management system processes.

The process can involve:
The Security Practitioner An Introduction to Information Security