After nearly two years of experimentation, Codasystem became the first private
company in Luxembourg to be certified against ISO/IEC 27001, which concluded the
first step of our project. The lessons learnt during this experiment also provided
significant inputs for Step 2 of the project; they are summarised in the next
section.
4.2 Identification of the Objectives of the Guide
As seen in the previous section of the paper, this first experiment with Codasystem
gave us useful feedback on the implementation of an ISMS in an SME. We analysed
these inputs to highlight the key issues, which in turn define the challenges of the
research project. The result is that methodological guidance is needed, with the
following objectives:
Objective 1: Downsize the requirements in order to reduce the cost and the
complexity of an ISMS. The set of ISO/IEC 27001 requirements has to be scaled down
so that it fits the limited resources of most SMEs.
Objective 2: Smooth the approach for the users. Implementing an ISMS should not
be perceived as a constraint imposed by business strategy. A gradual approach
therefore has to be developed that introduces users to process thinking, the PDCA
paradigm and the benefits of management systems.
Objective 3: Give the major recommendations and generic tasks that ensure the
proper operation of the ISMS. Part of the work is transversal, such as documentation
management and management responsibility: it runs throughout the successive
PDCA tasks. The guide should therefore start by presenting these specific actions and
detailing how they affect the whole system.
Objective 4: Provide implementation guidance for each process of the PDCA cycle.
ISO/IEC 27001 presents these requirements as a rough listing, whereas they should be
presented in a simple, standard and clear pattern. All the inputs needed to ease their
fulfilment should also be provided.
Objective 5: Ensure the coherence and reliability of this tailored handbook. The
goal is to allow a smooth transition towards ISO/IEC 27001 certification. The guide
therefore has to remain strictly aligned with the original requirements, so that only
simple improvements are needed if an SME later wants to achieve certification.
Objective 6: Provide tool support. A framework of documentation tools and
templates should be proposed to support the implementation. The aim is to
accelerate the implementation process and decrease the cost involved (particularly for
documentation). It should also serve as a basis for packaged market-oriented solutions
and services (the transfer part of the research project, which comes next).
5 Building the Guide
In order to achieve the objectives set out in Section 4.2 of this paper, the guide has
been built with those objectives in mind. The following paragraphs explain how we
tackled each of the issues highlighted above.