The work packages and steps needed to build a complete ISMS follow from the various standards and guidance documents that already exist. Technical, organizational and personnel security measures must always be implemented, regardless of the ISMS approach chosen. However, the four known standards differ in how they are implemented.
The best-known standard that defines the requirements for an ISMS is probably the international standard ISO 27001. Because of its generic approach, it is suitable for every corporate sector, and it pursues the goal of international recognition of information security in your company.
In its German standard 200-1, the Federal Office for Information Security (BSI) also describes measures that are necessary to implement an ISMS. However, this standard does not primarily follow the generic, management-oriented approach; instead, it provides more detailed procedures for minimizing IT risks. In certain areas it also makes sense to use both sources, i.e. ISO and BSI, in parallel when setting up an ISMS.
ISIS12, on the other hand, is an ISMS approach that, thanks to its concrete 12-step plan, is particularly suitable for small and medium-sized companies and municipalities and provides clear instructions for implementation.
TISAX® is also a model for introducing an ISMS. It is aimed in particular at suppliers from the Association of the Automotive Industry. In contrast to the other standards, it pays greater attention to the protection of prototype vehicles or parts. You can find out more about TISAX® in our videos and blog articles.
In summary, setting up an ISMS is a complex topic. The best approach depends not least on the desired level of security and the company's risk appetite, and must therefore be determined individually for each company.
TISAX is a registered trademark of the ENX Association.