An Information Security Management System (ISMS) based on a business risk approach is meant to establish, implement, operate, monitor, review, maintain and improve overall information security preparedness. The management system includes the organizational structure, policies, planning activities, responsibilities, practices, procedures and resources that help an organization design and build the ISMS, and so manage and improve its information security posture effectively.


The design and development of an ISMS are two important steps in the PDCA (plan, do, check and act) cycle adopted by British Standard Institute. The building process involves conforming to numerous controls spanning many domains of information security. A properly designed ISMS can help organisations manage information security effectively while continuously improving their information security posture.

Plaudit services can help organisations comply with the ISO 27001:2005 standard by providing a framework of manageable information security practices and documented processes.


The assignment will commence with an ISMS Scope Document and the preparation of a Gap Assessment Report and Asset Valuation / Vulnerability Assessment Reports.

An appropriate Risk Assessment Methodology will be followed. A Risk Assessment Report and Mitigation Plan, along with Security Policies and Procedures, an ISMS Manual, a Statement of Applicability, awareness training materials, a Pre-Certification Audit Report and a review of existing security controls, will be the other important deliverables.