Welcome
Welcome to Put the organisation's name here<<Organisation name>>'s Integrated Management System (IMS).
The scope of our IMS is:
Put in the box the scope of the IMS as it appears (or will appear) in the ISO/IEC 27001 (and ISO 9001/ BS 25999 if this IMS supports them) certificates. Remember it will be about 2-3 sentences long and apart from defining the scope as unambiguously as possible it will also give the reader some idea about what the organisation does. An example would be "The information security services provide by the IT Department in support of ABC's business of ....." Remember to turn off these instruction boxes when you have finished with them so they do not appear in the published IMS| <<>> |
The IMS was first approved on Put here the date that it was approved and link that to the minutes of the IMSF meeting that approved it. A link to the IMS records, anchor "milestoneM2" will do the trick.<<>>
Layout
Use the navigation bar on the left to move between pages. Sometime explanatory text might appear in the footnote window. To clear it it click the Clear Footnotes button in the navigation bar.
State here who can have access to what in this IMS. Note that these are the access control rules that must be enforced when the IMS is published on your intranet<<State here who can have access to what in this IMS. Note that these are the access control rules that must be enforced when the IMS is published on your intranet>>
In addition to the acronym IMS, the acronyms QMS, meaning quality management system, BCMS, meaning business continuity management system, IS, meaning information security, ISMS, meaning information security management system are also used.
The term risk treatment plan is used in this IMS with the greater and more persistent significance, attributed to it from our use of the Brewer-List methodology for measuring the effectiveness of an internal control system, than some have accorded to its use in ISO/IEC 27001:2005. This difference is subtle and is explained in the page on conformance with ISO/IEC 27001:2005. There is a similar problem with the term impact as used in BS 25999. Our resolution of this is explained in the page on conformance with BS 25999:2007.
Other terms with a specific meaning in this IMS are:
- Applicable standard(s) being ISO/IEC 27001:2005, ISO 9001:2000, BS 25999:2007.
- IMSF (Integrated Management System Forum) being the people who own the IMS.
- IMS Implementers being the people who create the IMS.
- IMS Administrators being the people who maintain the IMS.
- Internal IMS Auditors being the people tasked with performing internal audits of the IMS. Add others to this list or hide the optional region. To add text after the list edit the next optional region. If not hide it.
- <<>>