Simplify your ISO 27001 compliance worries

ISO 27001

IS0 27001 (formally known as ISO/IEC 27001:2005) is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation's information risk management processes

policy-1

Policy Controls

  1. Information security policies (2 controls): how policies are written and reviewed.
  2. Organisation of information security (7 controls): the assignment of responsibilities for specific tasks.
  3. Human resource security (6 controls): ensuring that employees understand their responsibilities prior to employment and once they’ve left or changed roles.
  4. Asset management (10 controls): identifying information assets and defining appropriate protection responsibilities.
  5. Access control (14 controls): ensuring that employees can only view information that’s relevant to their job role.
  6. Cryptography (2 controls): the encryption and key management of sensitive information.
security

Security Controls

  1. Physical and environmental security (15 controls): securing the organisation’s premises and equipment.
  2. Operations security (14 controls): ensuring that information processing facilities are secure.
  3. Communications security (7 controls): how to protect information in networks.
  4. System acquisition, development and maintenance (13 controls): ensuring that information security is a central part of the organisation’s systems.
  5. Supplier relationships (5 controls): the agreements to include in contracts with third parties, and how to measure whether those agreements are being kept.
  6. Information security incident management (7 controls): how to report disruptions and breaches, and who is responsible for certain activities.
  7. Information security aspects of business continuity management (4 controls): how to address business disruptions.
  8. Compliance (8 controls): how to identify the laws and regulations that apply to your organisation.
benefit

Benefits

  • Win new business and sharpen your competitive edge
    Avoid the financial penalties and losses associated with data breaches
  • Protect and enhance your reputation
  • Comply with business, legal, contractual and regulatory requirements
  • Improve structure and focus
  • Reduce the need for frequent audits
  • Obtain an independent opinion about your security posture
ISO 27001 IS THE MOTHERSHIP OF EVERYTHING CYBER SECURITY
 Try FreshGRC FREE ! 
splash_alto_iso27001_blogbanner

FixNix FreshGRC

FreshGRC has got 8 different modular products in it's world's 1st SaaS GRC platform to enable organizations simplify the ISO 27001 certification process.
The decision to use ISO 27001 was not only about successful certification. It was about strengthening our growing business and its activities, to provide the resilence, confidence and trust expected by those customers who use our services
John Hall, CEO Mylife Digital