• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 531
  • Last Modified:

enterprise security policy, ISMS

i was asked to deploy a  ISMS,although i`ve never done this before. if anyone has some templates ready,id be very grateful.
  • 2
1 Solution
David Johnson, CD, MVPOwnerCommented:
What is ISMS ?? Need more details
btanExec ConsultantCommented:
i believe ISMS is referring to the ISO 2700x stuffs, meaning the information security mgmt system.


Below are useful resources you can tap to but note that the latest is ISO 27001:2013 instead of the 27001:2005. Organizations currently certified should not expect much difficulty in transitioning from the 2005 version to the 2013 version. So good to focus on 2013 instead..

Some question to ask oneself first..
a) How long does it take to implement ISO 27001 / BS 25999? @ http://blog.iso27001standard.com/2011/11/08/how-long-does-it-take-to-implement-iso-27001-bs-25999/

b) Do you really need a consultant for ISO 27001 / BS 25999 implementation?

The above is pretty nice article from a writer whom is quite experience and share tips in implementing and achieving the certification. Another is the differences on 2005 and 2013 version.


A big change here: these are not mentioned within some other requirements, but now there are separate clauses with very concrete rules. The rules are that you need to set clear objectives, you need to define who will measure them and when, and you need to define who should analyze and evaluate those results. Further, comprehensive plans need to be developed that will describe how the objectives will be achieved.

The biggest change is there are no preventive actions anymore, at least not at first sight – they are basically merged in risk assessment and treatment, where they naturally belong.

Note the new controls and those retired one ...


naturally, controls from ISO 27001 Annex A cannot change without changing ISO 27002 because the essence of these two standards is to be aligned. Since the structure of ISO 27002 is completely aligned with controls from ISO 27001, all these changes are also valid for new ISO 27001 Annex A.
DukewillNukemAuthor Commented:
this looks good.does anyone have a template which i can directly use?
btanExec ConsultantCommented:
So far, no public template but the ISO document would already serves as general baseline to chart further customisation to your need and environment
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now