ISMS Policy

IMS Policy

Describe your IS objectives. At the very least make a "top level" statement about confidentiality, integrity and availability. Because of the requirement for measurement of effectiveness, ensure that you can determine whether these objectives are being met or not.

<<>>

Quality Objectives

State in this section your quality objectives. Ensure that these capture the ISO 9001 requirements for customer focus (ensuring that (a) customer requirements are met and that (b) you aim to enhance customer satisfaction). Because of the requirement for measurement of effectiveness, ensure that you can determine whether these objectives are being met or not.

<<>>

Business Continuity Objectives

State in this section your business continuity objectives. Ensure that these take due account of business continuity requirements, organisational objectives, statutory, regulatory and contractual duties/obligations, risk appetite, interests of key stakeholders.

State the scope (extent) of business continuity and whether there are any limitations or exclusions.

<<>>

THE IMS POLICY PAGE THEN CONTINUES WITH SECTIONS THAT ADDRESS:

RISK MANAGEMENT FRAMEWORK
RISK ASSESSMENT CRITERIA
MANAGEMENT POLICIES, IN PARTICULAR THE TERMS OF REFERENCE FOR THE GROUP OF SENIOR PEOPLE WHO OWN THE IMS
INFORMATION SECURITY POLICIES, COVERING AT LEAST THE REQUIREMENTS IDENTIFIED IN ANNEX A TO ISO/IEC 27001 (ASSUMING YOU HAVE DECLARED THE RELEVANT CONTROL TO BE APPLICABLE
QUALITY POLICIES
MISCELLANEOUS POLICIES (e.g. HR if HR is our of scope)
DOCUMENTATION POLICY

IMS-Smart produced by Gamma Secure Systems Limited. Gamma is an ISO/IEC 27001:2005 and BS EN ISO 9001: 2000 registered company, certified for the provision of information security consultancy. BSI certificate numbers IS 85916 and FS 30710. Gamma Secure Systems, Diamond House, Frimley Road, Camberley, Surrey, GU15 2PS, UK Tel: +44 1276 702500 - Fax: +44 1276 692903. Use of IMS-Smart Template reference 021-080125, copyright © Gamma Secure Systems Limited, 2007-8