The 'Information Security Management System' (ISMS) Guide is intended as a manual for establishing, implementing, maintaining and continuously improving an information security and privacy management system. The guide is published by the Information Security Service.

An Information Security Management System (ISMS) is a process-oriented approach to information security. It is a management system that focuses on the risk management process so that risks are adequately managed. The ISMS drives information security activities and is maintained through the plan-do-check-act cycle. The ISMS can also be used for a process-oriented approach to privacy, for example to meet the obligation under the General Data Protection Regulation (GDPR; AVG in Dutch) to take appropriate security measures.
The purpose of the ISMS is to continuously assess whether security measures are appropriate and effective, and whether they should be adjusted. Among other things, it helps municipalities manage risks, implement appropriate security measures, learn lessons from incidents, and thereby ensure the reliability and quality of information provision and business continuity. If the ISMS and ENSIA are well aligned, accountability through ENSIA will go much more smoothly.
Guide: Information Security Management System (ISMS) Guide
This publication can also be found in the Information Security file
Source: VNG | IBD
