The compliance information security management system in 12 steps (CISIS12) is an information security management system with which you can independently certify your information security. The CISIS12 standard is a complete Information Security Management System (ISMS). CISIS12 offers a compact and simple introduction to information security, especially for small and medium-sized companies and municipalities.
The introduction according to CISIS12 is carried out in the following steps:
- Create guideline
- Raise awareness among employees
- Establish information security team
- Define IT documentation structure
- Introduce IT service management process
- Identify critical applications
- Analyze IT structure
- Modeling security measures
- Compare target and actual
- Plan implementation
The standard includes the description of the standard, an introduction manual and a catalog of measures. CISIS12 characterizes concrete measures for the planned and ongoing increase in information security and uses a classification according to "can", "should" and "must". CISCI12 adds an additional layer with compliance aspects to the ISIS12 standard, which has been established for several years.
CISIS12 is a practical introduction to an ISM, especially for SMEs and municipalities for which certification according to ISO 27001 represents a major hurdle due to the scope and complexity. This also enables problem-free later migration to ISO 27001 and provides a good basis for this.
Our range of audit and training services related to ISIS12 is suitable for companies and organizations of all sizes. Do you have any questions about CISIS12?