An Information Security Management System (ISMS) is a way to protect and manage information based on a systematic business risk approach. It is an organizational approach to information security. To ensure that our business model meets the systematic business risk approach, the University conducted a sensitization workshop on ISMS ISO 27001:2013 for University Council Members and Top Management Members on 28th September, 2021 at Town Campus.
Information security is achieved by applying a suitable set of controls (policies, processes, procedures, organizational structures, and software and hardware functions). To achieve certification to ISO 27001:2013, the University sought the services of a Consultant through the procurement process. The Consultant, Maier Consulting Limited (MCL), shall provide consultancy services in the development and implementation of an Information Security Management System based on the ISO 27001:2013 Standard.
The adoption of an Information Security Management System by the University is a strategic decision. Since the establishment and implementation of the ISMS in the University was approved by the University Council, it will ensure that document security is enhanced.
In implementing the ISMS, the university will benefit as it will:
- Minimize business damage by preventing and minimizing the impact of security incidents and risks. Some of the information security risks are leakage of confidential information and unauthorized access to confidential information.
- Ensure preservation of confidentiality, integrity and availability of information.
- Ensure business continuity, i.e. with contingency plans in place, operations at the University will continue with minimal interruptions in the event of an information security incident.
The Sensitization workshop was conducted by Ms. Betty Chebet and Mr. Justice Miller Monda from Maier Consulting Limited (MCL).