iSMS, controls, commitment, context, scope, policy, and objectives
Let’s try to understand what an iSMS is and how to deal with it.
iSMS
You might not have heard the word iSMS.
It isn’t very common outside of Governance, Risk management, and Compliance (GRC) nerd slang, but if you want to be part of the club, you should refer to the information Security Management System, or, for short, the iSMS. If your company has implemented (or is on its way to implementing) a risk-based information security management policy, you can be sure that it was (or will be) done using an iSMS, so that things are standardized.
The main advantage is that such a system facilitates compliance with several regulations, including the General Data Protection Regulation (GDPR), and focuses on the three critical components we have already seen: confidentiality, integrity, and availability. For the sake of completeness, we should add non-repudiation (you cannot pretend you haven’t received...