Risks to the Success of your ISMS

00:01

Listen, 10.3

00:03

risks to the success of your SMS.

00:09

In this video, we will cover a couple of risks that could jeopardize your ice mess.

00:18

This is something we've covered briefly in the previous sections, but it's worth coming back thio

00:23

before embarking on your ice mess journey and ideally around the same time that you're analyzing your internal and external needs,

00:31

as well as the requirements off internal and external parties during the context of your organization. Understanding.

00:39

Take the time to do an analysis off the risks that could stand in your way of achieving the objectives and results you want from your eyes. Mess.

00:48

So you want to be certified within six months.

00:51

A big risk here

00:53

There is the time factor,

00:55

depending on the size of your organization and the maturity of existing information, security controls and processes

01:02

that might not be enough time to get certified.

01:06

That, in itself is a risk.

01:07

How will admit risk be managed?

01:10

Will you reduce the certification scope

01:12

in other words, to mitigate the risk?

01:15

Or will you accept the risk and go ahead anyway?

01:19

These risks should be documented some way and tracked so that you can ensure that these air being managed

01:26

and that these risks mind suddenly jump out arbitrarily and affect your progress.

01:33

Let's look at a couple of examples.

01:37

One of the biggest risks to a nice amaze being successful

01:40

is the lack of top management support and commitment.

01:46

Next

01:47

budgetary or financial constraints,

01:49

implementing an icy mess and especially getting it certified against the ice. A 27,001 standard

01:57

is not the cheapest process to go through.

02:00

There will be ordered costs involved,

02:02

as well as costs of ensuring that your team is appropriately trained, skilled

02:07

as well as the time

02:10

investment from the various resource is participating in the miss across the organization.

02:19

Another is to consider is resource constraints.

02:23

How busy are your current resource is? Will they be able to dedicate sufficient time

02:29

to the ice Ms Project?

02:31

Or will this be setting them up for failure both in the ice, um, s as well as in their existing job roles?

02:39

Consider the current ordered load on your organization.

02:45

Does your organization have multiple orders happening throughout the year for various compliance and regulatory reasons?

02:53

If Sir

02:54

implementing an ice miss and especially getting it certified against the standard

03:00

will add additional orders.

03:02

Be careful of going into an ordered overload

03:05

and make sure that these are managed appropriately

03:07

and spaced out with sufficient time to allow staff to recover from

03:13

in order it

03:15

and get their day to day work done,

03:16

I say Recover as orders can be quite intense on staff and take up a lot of their time.

03:23

They can get frustrated and feel like they're not getting the normal day to day duties completed.

03:28

So just bear that in mind and be supportive way possible.

03:34

Consider any skill set or expertise constraints that you may have.

03:38

Do you have anyone in the organization that has in depth? Knowledge? Off is a 27,001

03:45

as well as implementing an ice miss

03:49

or even just knowledge within information security in general.

03:53

Ensure that these skills exist to some level in your organization

03:58

and that you have a plan to maintain and specialized these skills where necessary

04:04

factor in any time constraints that you may have,

04:08

as mentioned in the earlier example,

04:11

ensure that you give yourself enough time

04:14

to properly implement

04:15

and operator I Smith's prior to going through any certification orders

04:23

another is to consider. Is your organizational culture and adaptability

04:28

or the level of change acceptance

04:32

organizations that have a low acceptance, too?

04:36

Changes and new ways of doing things will probably resist your eye. Smith's strongly in the beginning

04:45

ensure that you spend the time to make sure that they understand what the ice messes about

04:49

and what their role is in this,

04:53

as well as overall benefits that this will give to the organization.

05:00

Lastly, considered instances whether where there are any soul dependency risks

05:06

having key people responsible for key tasks

05:11

means that you run the risk off. If something happens to that person

05:15

who takes over,

05:15

does anyone else have the knowledge to pick up and continue where they left off

05:21

and show that these risks are appropriately managed

05:25

and that there is someone on standby for that person receiving the appropriate training and cross Skilling

05:31

on ensuring the documentation is lift

05:34

so that the knowledge is transferrable to anyone else that requires it

05:45

in this lesson recovered examples of risks that could impact the success of your items