Information Security Management System. You can undergo a point in time audit or assessment and be compliant, but what happens a week later when patches have gone un-applied?  Out of compliance again.

Or, you’ve been tasked to validate compliance to the PCI Data Security Standard, HIPAA HITECH, Sarbanes Oxley, NIST, and toss in a few more acronyms of your choice.

Implementing an Information Security Management System (ISMS) is an excellent way to formalize your information security processes and will aid in harmonizing a variety of regulatory and compliance needs.

Halock’s Strategy & Governance practice explains it this way: at the core of the ISMS approach is the central theme that “security is a process, not a destination.” Its purpose is to provide that process approach through a management system that continuously manages technical controls across the entirety of an organization’s security requirements.

Plan-Do-Check-Act (aka the Deming model) is a process that facilitates continual improvement. ISO 27001 incorporates Plan-Do-Check-Act throughout all aspects of the ISMS.

We’ll talk more about the ISO 27001 Standard in another blog.

But I think you get the idea about an ISMS. It’s a process – plan-do-check-act. Think continuous management and improvement of your security processes.

Nancy Sykora
Sr. Account Executive