# ISMS Manual
This manual is the working structure for Core 12's ISO-oriented ISMS. It preserves the accurate TISAX-era security policy content while splitting it into documents that can be reviewed, owned, and automated.
## Document Set

| Area | Purpose |
|---|---|
| Governance | Scope, policy, responsibilities, document control, review cadence |
| Policies | Required behavioral and control requirements |
| Standards | Specific technical or operational baselines |
| Procedures | Repeatable operating procedures and incident/continuity playbooks |
| Risk Management | Risk assessment method and risk register seed content |
| Agreements | Security terms acknowledged by personnel |
| Operations | Migration plan and review automation model |
## Management System Loop

| ISO phase | Core 12 practice | Management repo object |
|---|---|---|
| Plan | Define scope, classify assets, assess risks, choose controls | Risk, asset, service, vendor, and document-review issues |
| Do | Apply policies, train personnel, review access, run projects securely | Personnel, service, app, website, device, and vendor records |
| Check | Review documents, run quarterly reviews, summarize incidents and risks | Review issues, monthly summaries, review-due labels |
| Act | Track actions, update docs, close gaps, improve templates | Migration tasks, risk treatments, incident PIRs |
## Source of Truth Boundary

This repository is the source of truth for ISMS documents. `core12-isms-management` is the source of truth for records, evidence, registers, scheduled reviews, and operational action tracking.