• identify information security risks
• understand external & internal issues, and interested parties, relevant to information security
• develop an information security Policy - typically one page document declaringcommitment to information security
• develop a Statement of Applicability, documenting the assessment of identified information security risks and establishing controls (risk treatment) based on reference controls documented at Annex A of ISO 27001
• develop procedures -- instructions required to address information security
• control any outsourcing of information management
• develop and monitor information security objectives and targets
• embrace information security risks and opportunities throughout the business
• ensure staff are competent and understand their information security responsibilities
• monitor information security performance
• control information security nonconformances and take corrective action for significant or repetitive nonconformances
• conduct internal audits of the information security management system
• ensure senior management strategically review the information security management system
• .

• Information Security Policy Statement of Applicability
• ISMS or Management Manual Procedures
• Improvement Plan (monitoring information security objectives and targets)
• Registers – nonconformances and corrective action.

Benefits of an Information Security Management System:

• demonstrate due diligence, compliance with regulatory and customer requirements
• comply with international best security practices
• comply with tender requirements and stand out from competitors
• improve the reputation and profile of the company
• demonstrate data integrity protection to customers, suppliers and other stakeholders
• reduce the risk of fraud, loss and disclosure of information
• increased resistance to cyber
• attacks prompt detection of data leaks and rapid response to violations
• reduce costs related to information security
• all forms of information that ensure confidentiality, integrity and availability of data are protected
• ensured confidentiality in the workplace and improved corporate culture
• easily integrated with other management systems.

• contact your TQCSI Office and ask for a quote or apply on-line - TQCSI will need to know what your business does, how many employees (full time equivalent) and what types of information security risks are applicable
• to prevent delays, don’t wait until your Information Security Management System is fully implemented.