Simplifying BS7799 Documentation
Accelerate a BS7799 project by using third-party document templates - but choose the right ones.
Alan Calder
The hardest, most exhausting part of achieving BS7799 certification is the documentation of the Information Security Management System (the ISMS). The standard itself is a slim 34 pages, including index, front page and so on, but the documentation necessary to create a conforming system can, particularly in more complex businesses, push up toward a thousand pages.
That's quite scary. The resource, time and management implications of making that happen are immense. And in a smaller organization, while the amount of documentation required is much less, so are the available resources with which to tackle the task.
Then there's the "how to do it" issue. If you've never built a quality system - or an ISMS - before, there's a lot of learning (some of it by costly trial and error) before you get the documentation formula and process working effectively.
That's why many organizations turn to outside consultants. But consultants are expensive and don't necessarily leave an organization owning the ISMS - and this sense of ownership is crucial for long-term success. The logical alternative, therefore, is to buy a set of model, or prototype, policies and procedures.
These templates should accelerate the whole project, reducing trial and error and pushing toward early adoption of best practice. And you can purchase prototypes on the Internet. The problem is, they're usually only at the policy level, not at the detailed procedure and work instruction level - and that's where all the hard work really is. They're not necessarily logically aligned with the standard either, and they simply don't give the detailed, point-by-point drafting advice that one needs if they are to be truly useful.
That's why we finally released a public version of our BS7799/ISO17799 Documentation Toolkit. It's a unique product: it costs less than a day of a consultant's time, and it's packaged with 12 months of online drafting support and advice. It just makes it easier for organizations of all sizes to successfully carry through a BS7799 project.