you are here: ISMS  
  • Deutsch
  • English

Development of an Information security of management system

What should be reached?

An information security management system (ISMS) is introduced into the enterprise which guarantees the availability of the business processes in the enterprise and offers an adequate protection to the avoidance of business damaging incidents. Risks are limited with lasting effect. Another building block is created by an intelligent toothwork with the IT service management for the continuous optimisation of the IT systems and processes.

How do we proceed?

1. Planning:

At first the general basic conditions are determined. A coarse appraisal of the perceived value and meaning of information, business processes and applications occurs for the enterprise. Responsible persons are named for business processes and applications. The definition of the security objectives occurs together.

With the help of the security guideline it is described generally understandably for which purposes with which means and which structures security of information within the enterprise should be produced.

2. Conversion:

The phase 2 deals with the production of the security concept. At first it is fixed for which area the security concept should count. Here our experiences shows, that one should proceed in small steps.

It is necessary to analyze the existing infrastructure and to document it. The assessment of the need for protection fixes what kind of protection would be sufficient and adequate for the business process, the processed information and the used information technology.

Within the scope of the measure planning it is fixed with the help of the IT basic protection catalogues which safety measures are necessary. Typically for IT systems being in use are safety measures, that either realised or in planning. Realised and planned measures form together the base for the security concept to be implemented.
Within the scope of a risk analysis it is determined which residual risks exist and how to handle them.

3. Control of success:

The observance of the defined measures as well as the conversion degree of the planned measures is continuously to be supervised. Trigonum supports you, on this occasion, by efficient reporting tools which give information to the status of the achieved security level of your enterprise at any time.

4. Optimisation:

The reporting delivers the base for the continuous optimisation of the ISMS and supports you by cost and capacity planning.

 What can you expect?
  • Professional support during the introduction of an information security management system.
  • Creation of the base for a systematic and economically laid out security of information within the enterprise.
  • Creation of a contribution to the risk prevention
  • Cost reduction by clear and optimised structures and processes.
  • Adjustment of the ISMS to a worldwide approved standard and creation of the base for a certification of the ISMS.
  • Rise of the efficiency by improvement of the internal IT processes.
  • Rise of the trust with customers, suppliers, banks, assurances etc...