The intent of the standard itself is to “provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an Information Security Management System”. Further, “The design and implementation of an organization’s ISMS is influenced by their needs and objectives, security requirements, the process employed and the size and structure of the organization”. In essence, the standard deals with the application of a system of processes within an organization, together with the identification and interactions of these processes, and their management”. It employs the PDCA, Plan-Do-Check-Act model to structure these processes.
- With today’s world focused heavily on extreme security/integrity of data , becoming certified is one giant step in the eyes of the customers, specially for Defense/Aerospace applications
- IT/IS groups within an organization can be certified to this standard that will in turn ensure product quality/reliability, specially if there is large software content