ISO

How/Where do I start?

First get support from your top management. They must demonstrate their commitment and determination to implement an ISO27001 Information Security Management System in your organisation. Without top management commitment, no information security initiative can succeed.

To provide evidence of commitment to the development and implementation of an ISMS and continually improve its effectiveness, top management should:

   *make clear to the organisation the importance of meeting customer, statutory and regulatory requirements,
   *define the organisation's information security policy and making this known to every member of staff
   *ensure that information security objectives are established at all levels and for all functions
   *ensure the availability of those resources required for the development and implementation of the ISMS
   *lead the required management review meetings
  * encourage the involvement of all staff
   *identify and communicate the key objectives to be achieved through the ISMS, such as:
       *keeping confidential information secure
       *providing customers and stakeholders with confidence in how we manage risk
      *allowing the secure exchange of information
       *ensuring that legal obligations are met
       *providing a competitive advantage
       *better managing and minimising risk exposure
       *raising awareness of security issues

Why is there no score or graph?

The Cetbix ISMS concept is that risk is zero if there are no threats or vulnerabilities, which means that nothing is shown on the graph.