Aligning business strategy to ISMS
How do you align business strategy to ISMS?
In fact, the most common situation is the other way around (align ISMS to business strategy), and to do that you basically need to take business objectives and strategies into account when defining the ISMS objectives and scope.
For example, if e-commerce is an important part of the business, and the ISMS objectives and scope do not include e-commerce, then the ISMS is not aligned to the business.
Another example: if customer information is important to the business, the ISMS scope includes customer information, and there is a clear ISMS objective related to it (e.g., reduce the occurrence of a customer data breach, or comply with GDPR), then the ISMS is aligned with the business.
This article will provide you with a further explanation about aligning ISMS to business strategy:
- Aligning information security with the strategic direction of a company according to ISO 27001 https://advisera.com/27001academy/blog/2017/02/20/strategic-direction-of-a-company-according-to-iso-27001/
Jul 22, 2020