What is BS EN ISO 28983-1: 2019 ?

What is BS EN ISO 28983-1: 2019?

BS EN ISO 28983-1: 2019 is a technical standard that provides guidelines and requirements for establishing. implementing. maintaining. and continually improving an information security management system (ISMS) within the context of an organization. It is based on the Plan-Do-Check-Act (PDCA) cycle and follows the high-level structure defined by Annex SL.

The main purpose of BS EN ISO 28983-1: 2019 is to help organizations protect their sensitive information from various internal and external threats. By implementing the standard's recommendations and requirements. organizations can establish a systematic approach to managing information security risks and achieve a higher level of confidence in their ability to effectively respond to incidents and prevent data breaches.

Key Elements of EN ISO 28983-1: 2019

EN ISO 28983-1: 2019 is made up of several key elements that are essential for organizations to establish an effective information security management system. These elements include:

1. Information Security Management System (ISMS)

The ISMS is a systematic approach to managing an organization's information security risks. It includes policies. procedures. and controls that are designed to protect sensitive information from internal and external threats.

2. Policy

A policy is a written document that outlines the organization's approach to managing information security risks. It is a high-level statement that defines the organization's policies and procedures for managing information security risks.

3. Procedures

Procedures are detailed steps that outline how the organization will implement its policies and procedures for managing information security risks. They provide a clear and concise guide for employees on what they should do in various situations.

4. Controls

Controllers are responsible for monitoring and controlling the organization's information security risks. They are responsible for ensuring that the organization's policies and procedures are being followed and for identifying and addressing any weaknesses or deficiencies in the organization's information security management system.

5. Information Security Roles and Responsibilities

The standard defines the roles and responsibilities of individuals within the organization for managing information security risks. It ensures that all employees understand their roles and responsibilities in protecting the organization's sensitive information.

6. Information Security Training

The standard requires organizations to provide their employees with appropriate training on information security risks and controls. This training should be appropriate to the organization's needs and should be updated regularly.

7. Information Security Monitoring

The standard requires organizations to monitor their information security risks regularly. This involves collecting and analyzing data on the organization's information security risks and controls to identify any weaknesses or deficiencies.

8. Continual Improvement

The standard requires organizations to continually improve their information security management systems. This involves identifying areas for improvement. implementing changes to their policies and procedures. and regularly evaluating their information security management system to ensure that it remains effective and meets the organization's needs.

Conclusion

BS EN ISO 28983-1: 2019 is an essential standard for organizations that want to establish and maintain an effective information security management system. By implementing the standard's recommendations and requirements. organizations can protect their sensitive information from internal and external threats and achieve a higher level of confidence in their ability to effectively respond to incidents and prevent data breaches.