Information Security Management System - Critical Success Factors For ISMS

Critical Success Factors For ISMS

To be effective, the ISMS must:

• have the continuous, unshakeable and visible support and commitment of the organization’s top management;
• be managed centrally, based on a common strategy and policy across the entire organization;
• be an integral part of the overall management of the organization related to and reflecting the organization’s approach to risk management, the control objectives and controls and the degree of assurance required;
• have security objectives and activities be based on business objectives and requirements and led by business management;
• undertake only necessary tasks and avoiding over-control and waste of valuable resources;
• fully comply with the organization philosophy and mindset by providing a system that instead of preventing people from doing what they are employed to do, it will enable them to do it in control and demonstrate their fulfilled accountabilities;
• be based on continuous training and awareness of staff and avoid the use of disciplinary measures and “police” or “military” practices;
• be a never ending process;