What is O-ISM3 good for?
There are several ways to use O-ISM3:
- For someone who is using ISO9001: Build your ISMS using ISO9001 principles and infrastructure you already have and understand;
- For someone who has no IS Management System: Build your ISMS in stages around your Business Goals, not some external or artificial goals;
- For someone who wants to outsource security processes: Find out exactly what to outsource, who to link it to internal processes and how to create SLAs;
- For someone who want to show commitment with security: Get a meaningful certificate that is not only compliant but useful (further business goals);
- For someone who is already spending loads in IS: Use Security Targets and learn at least if the IS management system is working, or use Metrics and manage your IS management system with or without Auditors around you;
- For someone who is experiencing pains using other approaches: Suit you processes to your needs in an environment by environment basis. Stop using Production Environment requirement for your Development Environment;
- For a CISO: Get to tell Top Management, Middle Management and Administrators what are their responsibilities on security, in a more specific way than "Security is everyone's responsibility";
- For businesses that are going out to tender for their services; For businesses that require a consistent approach by all service providers in a supply chain;
- For service providers to benchmark their IT service management; As the basis for an independent assessment;
- For an organisation which needs to demonstrate the ability to provide services that meet customer requirements;
- For organizations which aims to improve service through the effective application of processes to monitor and improve service quality.
If you liked this article, consider taking advanced ISMS training online via Udemy