ISMS
What is an ISMS?
An Information Security Management System (or ISMS) comprises a structured set of policies and procedures aimed at the systematic management of an organization's sensitive data. Its primary objective is to mitigate risks and guarantee uninterrupted business operations by proactively minimizing the consequences of a security breach.
Image: An ISMS contains procedures and data
Compliance
When you want to adhere to a specific standard or framework, such as ISO 27001 or NIST, an ISMS is a required component! It allows the organization to store, maintain and update the needed documents, data and policies.
In the case of ISO 27001:2022, you might want to collect all the resources for every specific control in a tree-like structure:
7 Physical controls
- 7.1 Physical security perimeters
- 7.2 Physical entry
- 7.3 Securing offices, rooms and facilities
- ...
8 Technological controls
- 8.1 User end point devices
- 8.2 Privileged access rights
- ...
Where and how to store an ISMS?
There are many ways to store and maintain your ISMS. Depending on the scope, size, contributors and your company's goal, some solutions might be a better fit than others.
File share
A simple folder structure, possibly shared over the network, might be a quick solution, especially when your company already has such a system in place.
Image: An example file structure on a shared network drive
Google Drive
Similar to a folder structure on your OS, Google Drive offers the ability to create a shared folder structure.
Teams / Sharepoint
With most companies embracing a hybrid working environment, communication and collaboration platforms such as Microsoft Teams have become commonplace. Microsoft Teams allows for the creation of channels and teams, with file structures attached.
Image: Microsoft Teams
Atlassian Confluence
Companies that make use of the Atlassian software stack might prefer Confluence to store their documentation in its wiki-like environment.
Image: Confluence
Compliance software
Specialized compliance tools such as ISMS.Online or Proactivecompliancetool offer a paid, but smoother and more integrated experience. Their integrated document management systems, with added comment and tracking features, provide an easier experience compared to the more manual approaches described above.
Conclusion
Depending on the existing tools that are present in the company, some options might offer an easy way to start managing your ISMS. Companies looking for a more streamlined experience can look towards specialized compliance software.