John Laffey, Program Manager at Perry Johnson Registrars, Inc., discusses the cornerstones of an information security management system from the perspective of a management system auditor.

- Context: the boundaries, the scope, the data, the people, the systems, and the stakeholders.
- Leadership: driving the entire process, continuing to champion it, and making sure resources are available.
- Planning: documented processes, risk assessment and risk management (Change = risk).
- Support: budget, continuing training, competencies, determining what the required competencies are, and then ensuring that those folks are meeting them.
- Operation: putting practices into action, verifying that you're doing what you say you do.
- Performance Evaluation: “It's kind of the day to day, month to month, year to year maintenance of ensuring that things are staying on the rails and that nothing is slipping.”
- Improvement: reaching expected, measurable outcomes and asking what can be improved in our organization.

Not only are these valuable clauses in terms of passing your audit, but they're valuable in terms of reducing your organization's risk. This podcast can help you understand how your current management system can benefit you with your CMMC efforts.

Check out these resources we mentioned during the podcast:

- John Laffey, Program Manager at Perry Johnson Registrars, Inc.
- Call our headquarters at 1-800-800-7910
- Email John directly at JLafffey@PJR.com
- PJR website

To ensure you never miss an episode, subscribe to the show on Apple Podcasts, Spotify, our website or wherever you get your podcasts.

Listening on a desktop & can’t see the links? Just search for [Virtual Ciso] in your favorite podcast player.