The purpose of working on information security locally is:
Managers have overall responsibility for information security in their unit, including activities such as:
The local FISUs (research IT security committees) at AU’s five faculties are knowledgeable, relevant partners in relation to implementation of the local ISMS.
Local efforts on information security can be based on different needs and requirements...
While some units can make do with only a few formal requirements, others will need additional documentation focused on certification that units meet requirements from collaboration partners or the public sector.
In cases where additional measures to improve information security are required, a local ISMS can be implemented at faculty or department level or for individual specific research areas.
Local efforts related to information security can be structured as a Deming Wheel or annual planning cycle that is divided into activities under the various phases of PLAN-DO-CHECK-ACT, which should be re-evaluated annually.
The activities listed are the mandatory activities in ISO 27001 and the minimum requirements for the ISMS at Aarhus University.
To get off to a good start, we recommend incorporating the following activities:
1) Start with the activities listed in STEP 1
2) Add the activities listed in STEP 2
3) Add the activities listed in STEP 3
It can be a good idea to consider the following first...