Use Case: Information Security Management System (ISMS)

Alyne supports your organisation in designing and maintaining an Information Security Management System (ISMS) that aligns with common standards for information security and cyber security management.


Designing and maintaining an Information Security Management System (ISMS) aligned with common standards for information security and cyber security management such as the ISO / IEC 27001:2013, the NIST Cyber Security or SOC2 Frameworks are common for almost all organisations in need of protecting their companies’ and customers’ information. At Alyne we have regularly support our customers through our Software as a Service (SaaS) on this journey and have observed some common challenges and also analysed some success factors: 

Common Challenges

  • Targeting 100%
    An ISMS does not mean that I need to reach 100% maturity for every control at the start. It only means I need to have an appropriate management process in place to manage the full scope of the ISMS. This usually means actively managing information and cyber risk and defining appropriate actions or risk acceptances.

  • Obsess over technical measures
    Often information security management is reduced too much to individual technical measures, because these are easily understandable. What an ISMS teaches us, is that the combination of technical and organisational measures combined through engaged management is what actually increases the security posture.

  • Tick the Box
    Reducing an ISMS to ticking the box will ultimately fail. Trying to outsource this task from management to another part of the organisation will equally fail. It’s not called a management system for nothing. As management - either take part or don’t start at all. 

Success Factors

  • Integrate Organically
    Make the ISMS part of the regular agenda of interactions you already have with relevant stakeholders as opposed to scheduling new recurring meetings. That way you minimise disruption and leverage existing contact points to formalise outcomes for the ISMS.

  • Leverage Framework Synergies
    Don’t approach the ISMS in isolation. From a process, people and technology standpoint there is a large overlap with other related topics such as data privacy, operational risk management, BCM, audit and more. Your investment of time and budget is much better spent if you address the ISMS capability in this broader context.

  • Solve in Sprint
    Carve out some time in your calendar and get a large part of implementing or reviewing the ISMS done in one go over a few days. The overall time spent on the topic is minimised. If these activities drag out over time, you quickly lose momentum.

For further information and to access Alyne’s dedicated ISMS resources aligned to ISO 27001 standards, click here.

Karl Viertel

Related Posts

Avoid ESG-Related Issues with the Help of Alyne

In this new article, we discuss the heightened regulatory focus on ESG related issues as of recent events involving Deutsche Bank’s asset-management arm, DWS Group, currently under investigation over claims of inflated credentials of many ESG-labeled investment products. Furthermore, learn how Alyne can provide your organisation with cutting-edge ESG Governance, Risk and Compliance (GRC) capabilities that you can apply from the very beginning of your ESG program, right through to a fully quantified ESG Value at Risk.
Read more

The Business Value of Process Automation with Alyne Library

The Alyne Library provides business leaders with tangible business value by automating processes that generate deep insights into the often complex compliance process. In this article, Co-Founder and CFO of Alyne, Matthias Danner, summarises the 3 key benefits that the Alyne Library delivers, from policy to value.
Read more

Internal Controls and the Shifting Wave of Focus

Looking at the focus areas of internal controls since 2000, it is clear to see how the tide has shifted back and forth in the priorities of corporations. In this article, Alyne's Regional Head of Sales, Claudia Howe discusses the impact of poor internal controls systems and events that have shifted the attention between operational internal control systems and Internal Control over Financial Reporting (ICFR). How do organisations maintain the balance of well performing ICS throughout all business practices? Additionally, the article looks at the new financial reporting law in Germany: Finanzmarktintegritätsstärkungsgesetz (FISG).
Read more