In this step we recommend you start with the core requirements that help you understand your organisation in relation to information security. You'll begin by completing clause 4.4 Establish, implement and maintain an ISMS - as ISMS.online is your sustainable all-in-one-place management system.

Next you'll determine which Assets, Systems, People, Locations etc. fall within the scope of your Management system. From there, go on to classify your assets and describe the Risks that affect them.

Once each area has been addressed you can move on to the next step, where you'll begin to describe your organisation's current policies & controls in line with Annex A.

Action: Work through the areas in the order shown on this page

Tips: The section on this page shows your progress for each area related to that step of ARM.

When you've finished working on a policy or control, you can submit it for approval. Once approved, the progress will be automatically updated to 100%.