ISO 27001 Compliance Tool

The ISO27001 compliance tool has been developed to assist Information Security Managers or Consultants in keeping track of their organisation’s level of compliance to the ISO27001 standard or offer a managed service to clients.
Although the tool can be used for ISO27001 certification, its purpose is to assist organisations to maintain compliance to the standard (i.e. working to the spirit of the standard).
The unique selling point of the Riesgo Risk Management ISO27001 compliance tool is that it was designed by Information Security Managers with years of experience in dealing with the problem Information Security Managers face on a day-to-day basis with compliance to the standard.

  1. 2010 Information security compliance. Ben Oguntala, www.riesgoriskmanagement.com, 2/23/2010
  2. ISO27001 compliance tool

     Introduction: The ISO27001 compliance tool has been developed to assist Information Security Managers or Consultants in keeping track of their organisation’s level of compliance to the ISO27001 standard or offer a managed service to clients. Although the tool can be used for ISO27001 certification, its purpose is to assist organisations to maintain compliance to the standard (i.e. working to the spirit of the standard). The unique selling point of the Riesgo Risk Management ISO27001 compliance tool is that it was designed by Information Security Managers with years of experience in dealing with the problem Information Security Managers face on a day-to-day basis with compliance to the standard. The designers have addressed the problem in the modules, enabling the Information Security team to gain control of the challenge they face and aid their resolution.

     Regulation compliance: Although the tool is designed to address compliance with ISO27001, the principles are compatible with the following regulatory or industry compliance standards:
       - SOX compliance
       - Data Protection Act
       - Freedom of Information Act
       - PCI DSS
     The principles covered in also include UK government GSI accreditation. This is particularly of importance to Public sector organisations that have to submit annual GSI accreditation for using the GSI network. GSI Accreditation is fairly similar to the ISO27001 standards and the principles overlap.

     The key features of the tool:

     The key accounts:
       - IS Policy manager
       - IS Manager
       - Data Protection Officer
       - Freedom of Information Officer
       - Internal/External Auditors
       - Business unit Security representatives

     The organisational chart: Each Business unit Security representative will have access to the tool, allowing them to participate in all the Information Security related activities.

     Managing users: A simple interface to manage user accounts; it provides an easy means of registering and deregistering. Each user from the Business units can be authenticated with their email address and, once the account is no longer required, can be easily de-registered by the administrator.

     www.riesgoriskmanagement.com | info@riesgoriskmanagement.com. Riesgo Risk management is a service of Mateo Isabella, a UK registered limited company.
  3. ISO27001 compliance tool

     Key principles: Information security policy with information Asset register, Incident register linked to policy and information asset register. A risk register to manage all associated risks for your organisation.

     ISMS forum: This represents your organisation’s management structure in support of Information Security principles. The tool is designed to capture the information security issues that need management approval in order to resolve or growing trends from the incidents, risk register or Audit register.

     Information Asset register: A register of Information Assets listed according to each business unit. Each Asset is given an automatic Asset ID, Risk index and classification. It also includes Asset owner, format and any risk register entries or Audit non compliances.

     IS policy manager: Maps National (Group or HQ) policies to Local policies to Departmental policies. It also assigns a responsibility to the associated procedures. All policies and procedures have dates associated with each and an automatic review date (3/6/9/12 month review dates).

     The Information Security Manager will be able to see all information Assets for all business units, whilst each business unit is limited to their own information Asset.
  4. ISO27001 compliance tool

     Incident register: Each Business unit will be able to register information Security incidents that occur within their Business units. The Information Security Manager is automatically notified and the incident stored on the register till it is resolved.

     Risk Register: The risk register allows your organisation to maintain risks found in the organisation with the aim of resolving them. Assets that pose risks will have the owners associated with the risk register entry to aid resolution of the risk. As the risks are resolved, they are moved to the archive.

     Data Protection Officer – subject access requests: For Information Security departments that are also responsible for Data Protection compliance or for organisations that have a dedicated Data Protection Officer, the tool has a Subject Access Request dashboard. It stores all Subject Access requests, and tracks the request till response.

     Freedom of Information request – FOI request

     Contact details: Ben Oguntala, Ben.oguntala@riesgoriskmanagement.com, Tel - +44 7812039867

     For Security consultants interested in providing an ISO27001 compliance managed service for their clients, we can arrange for a multiple client solution. Please call or email Ben Oguntala for more information.
