Information Security Management System

Alyne supports your organisation in designing and maintaining an Information Security Management System (ISMS) that aligns with common standards for information security and cyber security management.


Designing and maintaining an Information Security Management System (ISMS) aligned with common standards for information security and cyber security management, such as ISO / IEC 27001:2013, the NIST Cyber Security or SOC2 Frameworks, is common for almost all organisations that need to protect their companies’ and customers’ information. At Alyne we regularly support our customers on this journey through our Software as a Service (SaaS), and we have observed some common challenges and analysed some success factors:

Common Challenges

  • Targeting 100%
    An ISMS does not mean that I need to reach 100% maturity for every control at the start. It only means I need to have an appropriate management process in place to manage the full scope of the ISMS. This usually means actively managing information and cyber risk and defining appropriate actions or risk acceptances.

  • Obsess over technical measures
    Information security management is often reduced to individual technical measures, because these are easily understandable. What an ISMS teaches us is that the combination of technical and organisational measures, brought together through engaged management, is what actually improves the security posture.

  • Tick the Box
    Reducing an ISMS to ticking the box will ultimately fail. Trying to outsource this task from management to another part of the organisation will equally fail. It’s not called a management system for nothing. As management - either take part or don’t start at all. 

Success Factors

  • Integrate Organically
    Make the ISMS part of the regular agenda of interactions you already have with relevant stakeholders as opposed to scheduling new recurring meetings. That way you minimise disruption and leverage existing contact points to formalise outcomes for the ISMS.

  • Leverage Framework Synergies
    Don’t approach the ISMS in isolation. From a process, people and technology standpoint there is a large overlap with other related topics such as data privacy, operational risk management, BCM, audit and more. Your investment of time and budget is much better spent if you address the ISMS capability in this broader context.

  • Solve in Sprint
    Carve out some time in your calendar and get a large part of implementing or reviewing the ISMS done in one go over a few days. The overall time spent on the topic is minimised. If these activities drag out over time, you quickly lose momentum.

For further information and to access Alyne’s dedicated ISMS resources aligned to ISO 27001 standards, click here.

Karl Viertel
