||Nowadays, due to the evolution of information technology and the transform of enterprise management mode, the frequent utilization of IT software and infrastructure has prompted organizations to endow IT Departments the responsibility and role as an essential core. The function of Information Security Management System adopted generally in industries therefore extends to cross-departmental IT support and decision making support. By revision and structure adjustment, these Information Security Management Systems which consider the organizational business continuity as a primary task have become an applicable information security guideline.|
In response to the new ISO information security management system standard formally announced in October 2013, this study investigated the impact to the enterprises caused by the new version of implementation standard, a process-orient structure. We interviewed enterprises and professional advisors the experience and process of the implementation, and made further analysis of the influence motivated by process integration. We expect to help enterprises which confront with the impact of the new version, raise the emphasis on control requirements in empirical cases, a standard-echoed planning (risk management) and implementation (control measures.) What’s more, we look forward to providing appropriate integrated approach to strengthen business continuity plan and human resource education.