Draft document, Version 01, 12 Oct 2006
0. Introduction
0.1 General
This Standard has been prepared to provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS). The adoption of an ISMS should be a strategic decision for an organization. The design and implementation of an organization’s ISMS are influenced by its needs and objectives, security requirements, the processes employed and the size and structure of the organization. These factors and their supporting systems are expected to change over time. It is expected that an ISMS implementation will be scaled in accordance with the needs of the organization, e.g. a simple situation requires a simple ISMS solution.
This Standard can be used by interested internal and external parties to assess conformance.
0.2 Process approach
This Standard promotes the adoption of a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organization's ISMS.
An organization must identify and manage many activities in order to function effectively. Any activity using resources and managed in order to enable the transformation of inputs into outputs can be considered to be a process. Often the output from one process directly forms the input to the following process.
The application of a system of processes within an organization, together with the identification and interactions of these processes, and their management, can be referred to as a “process approach”.
View All Information : E-Governance Information Security Standard