Five step for successful Information Security Management System (ISMS) Implementation

1. Formulation of the risk treatment plan and its documentation, including planned processes and any required supporting documentation;

2. Implementation of the risk treatment plan and planned controls;

3. Appropriate training for affected staff, as well as awareness programmes;

4. Managing operations and resources in line with the ISMS;

5. Implementation of procedures that enable prompt detection of, and response to, security incidents.