Obtaining management support for an ISMS
Hi, I hope you are well. I am trying to convince top management to invest in ISO 27001. I am writing the scope of the ISMS. I have two statements:
1) Information Security Management System applicable to the provision of IT Services supporting information assets of the organization.
2) Information Security Management System applicable to the provision of IT Services of the organization.
Which one is the best option to go with? If you can help me to build another, you are most welcome.
First, it is important to note that before going for the scope of the ISMS and talking about assets, you need to convince top management to support ISO 27001 in terms of business benefits, like:
- improvement of business opportunities
- decrease of costs with incidents
- decrease of effort to comply with legal requirements
- improvement of internal organization
Considering that, your text for the goal of the project could be rephrased like:
- Information Security Management System applicable to improve business opportunities related to the provision of our IT Services
- Information Security Management System applicable to decrease the costs of incidents related to our IT Services.
As for the ISMS scope, it is not enough, because the standard requires you to also consider other aspects. For additional information, see:
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/
- How to set the ISMS scope according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/how-to-set-the-isms-scope-according-to-iso-27001-free-webinar-on-demand/
These articles will provide you further explanation about obtaining support of top management:
- Four key benefits of ISO 27001 implementation https://advisera.com/27001academy/knowledgebase/four-key-benefits-of-iso-27001-implementation/
- 4 crucial techniques for convincing your top management about ISO 27001 implementation https://advisera.com/27001academy/blog/2016/09/12/4-crucial-techniques-for-convincing-your-top-management-about-iso27001-implementation/
These materials will also help you to have an idea on how to present ISO 27001 to your management:
- Project proposal for ISO 27001 implementation https://info.advisera.com/27001academy/free-download/project-proposal-for-iso-27001-implementation-powerpoint
- ISO 27001 benefits: How to obtain management support [free webinar on demand] https://advisera.com/27001academy/webinar/iso-27001-benefits-how-to-get-management-buy-in-free-webinar-on-demand/
Jan 09, 2020