Information Security Management System

Alyne supports your organisation in designing and maintaining an Information Security Management System (ISMS) that aligns with common standards for information security and cyber security management.

Introduction

Designing and maintaining an Information Security Management System (ISMS) aligned with common standards for information security and cyber security management, such as the ISO / IEC 27001:2013, the NIST Cyber Security or SOC2 Frameworks, is common for almost all organisations that need to protect their companies’ and customers’ information. At Alyne we have regularly supported our customers on this journey through our Software as a Service (SaaS), and we have observed some common challenges and analysed some success factors:

Common Challenges

  • Targeting 100%
    An ISMS does not mean that I need to reach 100% maturity for every control at the start. It only means I need to have an appropriate management process in place to manage the full scope of the ISMS. This usually means actively managing information and cyber risk and defining appropriate actions or risk acceptances.

  • Obsess over technical measures
    Information security management is often reduced to individual technical measures, because these are easy to understand. What an ISMS teaches us is that technical and organisational measures, combined through engaged management, are what actually increase the security posture.

  • Tick the Box
    Reducing an ISMS to ticking the box will ultimately fail. Trying to outsource this task from management to another part of the organisation will equally fail. It’s not called a management system for nothing. As management - either take part or don’t start at all. 

Success Factors

  • Integrate Organically
    Make the ISMS part of the regular agenda of interactions you already have with relevant stakeholders as opposed to scheduling new recurring meetings. That way you minimise disruption and leverage existing contact points to formalise outcomes for the ISMS.

  • Leverage Framework Synergies
    Don’t approach the ISMS in isolation. From a process, people and technology standpoint there is a large overlap with other related topics such as data privacy, operational risk management, BCM, audit and more. Your investment of time and budget is much better spent if you address the ISMS capability in this broader context.

  • Solve in Sprint
    Carve out some time in your calendar and get a large part of implementing or reviewing the ISMS done in one go over a few days. The overall time spent on the topic is minimised. If these activities drag out over time, you quickly lose momentum.

For further information and to access Alyne’s dedicated ISMS resources aligned to ISO 27001 standards, click here.

Karl Viertel
