You can undergo a point-in-time audit or assessment and be compliant, but what happens a week later when patches have gone unapplied? You are out of compliance again.
Or you've been tasked with validating compliance with the PCI Data Security Standard, HIPAA/HITECH, Sarbanes-Oxley, NIST, and a few more acronyms of your choice.
Implementing an Information Security Management System (ISMS) is an excellent way to formalize your information security processes and will aid in harmonizing a variety of regulatory and compliance needs.
Halock's Strategy & Governance practice explains it this way: At the core of the ISMS approach is the central theme that "security is a process, not a destination." Its purpose is to provide that process approach through a management system that continuously manages technical controls across the entirety of an organization's security requirements.
Plan-Do-Check-Act (also known as the Deming model) is a process that facilitates continual improvement. ISO 27001 incorporates Plan-Do-Check-Act throughout all aspects of an ISMS.
We’ll talk more about the ISO 27001 Standard in another blog.
But I think you get the idea about an ISMS. It's a process: plan, do, check, act. Think continuous management and improvement of your security processes.
Sr. Account Executive