Step 2: DO: Implement a local ISMS

Now that you have clarified the risks and documented your procedures for handling them, it’s time to initiate the activities that will implement the ISMS in practice. This involves selecting and managing a variety of measures intended to protect information and business processes. 

Relevant activities might include:

• Regular management meetings to discuss and evaluate the plan
• Allocating responsibility for the individual aspects of the plan – for example digital security, access to buildings and labs, etc.
• Draft a risk management report.
• Carry out a local awareness campaign to heighten awareness of the activities you have decided to launch.

In this regard, it’s also a good idea to plan which  elements of the plan will be evaluated.