When people start out on the journey to ISO27001, they can sometimes forget to stop and really think about the design of their Information Security Management System (ISMS), and eventually it catches up with them. One factor in that design that most seem to gloss over, however, is the values that the system is based around, and that's what we want to touch on in this post.
Values are an interesting topic and one of the areas I'm really passionate about. If you haven't read our blog posts on values, there are some links below. Go read them; they will help you on your journey to a great ISMS.
Alignment in any organisation is critical to its success. The more aligned everyone is, and the clearer they are about why the business and its processes exist, the better they can deliver on things. The thing about the values of your information security system is that they shouldn't be different from your organisational values; they should reflect them and what they stand for. Slightly different words may be used to explain the values with respect to information security, but the underlying meaning and feeling linked to those values shouldn't change. Otherwise you create confusion and a disconnect between the system and the organisation.
When you think about information security, what comes to mind? Is it images of James Bond style secret agents with microfilms (or USBs) in their shoes, is it some bot stealing your data from 1,000 miles away, or is it Dave in finance leaving his laptop and handwritten notes of the last strategy meeting on the train? It's important to think about that, as it will very much impact your approach and the values that your system reflects.
If you are thinking James Bond, then your approach will be pretty repressive: everything will be locked down so tightly that you'll end up doing retinal scans and blood tests just to get in the door, and no one really enjoys that! At the other end, when Dave has left everything on the train, there are again good ways and not so good ways to approach it. You can take a very Big Brother, draconian approach. That will almost certainly strike fear into people, who wouldn't dare step out of line for fear of the punishment when something genuinely accidental does happen. It drives everything underground and ensures that nothing but the most serious issue ever gets reported. Or you can accept that people are basically good and will try to follow a system that is helpful and enabling, one that encourages openness so that everything that needs to be flagged is flagged and people work with the system. Which one do you think works better?
If you build a system around things like honesty, fairness, trust and respect, then people will respond to it. If you apply a caring approach to Dave when he walks into the office pale-faced and nervous because the laptop and notes are still on the train, you will go so much further towards having a great system, because you have enabled people to take responsibility for things and for doing things.
When you are thinking about the foundational values and how you will put them across, think about the outcomes you want from the system. You need it to be an enabler for the organisation, but you also need it to help ensure the security of that valuable IP. If you have a system that is ethical, that treats its users with some dignity and not as prisoners of it, that helps and expects people to keep the promises they make around it, and in which people take responsibility for the tasks within it, then you are going to have a great system.
You are going to have a system that people will use. They will feed improvements back into the system, they will respect it and, importantly, they will use it.
© Many caps Consulting | All Rights Reserved