When creating systems for your information security management system (ISMS) you need to to focus on the life-cycle of your entire information system. Your ISMS doesn’t just focus on your IT and your networks, it focuses across your whole systems.
It is important that this strategy is in place from the beginning. You need to take a broad approach across your systems.
That is from acquisition, through development and then into maintenance.
So you need to look across all your systems and check that information security is built into every step.
Map your entire life-cycle during the development of your systems, so you know what your systems are.
Then check all the information security activities for each of the steps and upgrade or enhance what is in place.
For example check through marketing, development, sales, implementation, support and financial systems for information security vulnerabilities.
Some things you may want to check in the development processes include: