This is the second part of our series detailing the various steps needed to achieve a successful transition to the revised Standard.
The revised Standard emphasises the role of "Interested Parties" and it does specify that all interested parties should be listed. It may be useful, at this stage, to identify just who these are.
- Owners and/or shareholders of the business;
- Trade Associations;
- Trades Union.
This list is not exhaustive and should be specific to the organisation. Against each stakeholder their requirements as far as information security, should be stated.
Having defined all the Stakeholders you can now move forward to identifying the SCOPE. You will be generating a new S.O.A (Statement of Applicability) and defining the scope will help in deciding which elements are not applicable in the application.
Once again I would stress that these steps should not be rushed; the better the preparation the better the final result; my father used to drum this into me for decorating and in particular, painting of woodwork which always lasted longer if good preparation was taken.
Next time we will look at the revised requirements for Risk Assessments.