How Did We Implement ISMS?
1. Organizational Structure for Implementation
The ISMS Implementation Project was founded in January 2011 and the ISMS Administration Office was launched in November of the same year for the purpose of driving forward the activities to get the ISMS certification.
Task of ISMS Implementation Project
a. Making policy to get the ISMS certification.
b. Leadership role on ISMS activities based on the policy.
c. Monitoring, analyzing, and improving the current situation.
Task of ISMS Administration Office
a. Making the drafts on ISMS activities
b. Documentation management of ISMS activities
c. Progress management of plans on ISMS activities
d. Clerical procedures on ISMS activities
2. Implementation Schedule
Planning Phase (Jan. - Jun. 2011)
a. Launch of the ISMS Implementation Project
b. Briefing sessions and interviews with working groups
c. Defining the scope / Making the policy
d. Identifying the information assets and the risks
Documentation Phase (July. - Spt. 2011)
a. Making the Statement of Applicability
b. Documenting the management system
Operation Phase I (Oct. - Dec. 2011)
a. Launch of the ISMS Administration Office
b. Staff training
c. Start of test operation
d. Internal audits
e. Management review
f. Application for the ISMS certification audit
Operation Phase II (Feb. - Mar. 2012)
a. ISMS certification audit (Stage 1 : documentary examination)
b. Briefing sessions for the auditees of Stage 2.
c. ISMS certification audit (Stage 2 : practical examination)