ISO 27001 / 27002

ISO (International Organization for Standardization)
IEC (International Electrotechnical Commission)

You want to ensure the security of your organization’s sensitive digital information such as financial data, intellectual property documents, personnel data or information entrusted by third parties.

You need to implement an information security management system.

You are looking to incorporate best practices to protect the privacy, integrity and availability of your information over time.

You must meet regulatory requirements for assessing and addressing information security risks in your organization.

You are considering the use of compliance and information security gap remediation software to continuously upgrade and improve the interaction between your organization’s stakeholders.


What is ISO/IEC 27001?

ISO/IEC 27001 is an international standard on how to manage information security. The standard was originally published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2005 and then revised in 2013.

ISO is an independent, non-governmental international organization with a membership of 165 national standards bodies. Through its members, it brings together experts to share knowledge and develop voluntary, consensus-based, market-relevant international standards that support innovation and provide solutions to global challenges.

ISO/IEC 27001 is a standard that sets out requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS). Its aim is to secure the information assets of companies. Organisations that meet the standard’s requirements have the option to be certified by an accredited certification body following successful completion of an audit.

This solution will help your organisation to fulfil the requirements of ISO/IEC 27001 and, moreover, to stay compliant with this standard over time.

What is ISO 27002?

ISO 27002 is an information security standard published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), titled "Information technology – Security techniques – Code of practice for information security controls".

ISO/IEC 27002 gives guidelines for organizational information security standards and information security management practices, including the selection, implementation and management of controls, taking into consideration the organization’s information security risk environment. The standard is designed to be used by organizations that intend to select controls while implementing an information security management system based on ISO/IEC 27001, to implement commonly accepted information security controls, and to develop their own information security management guidelines.

This solution will simplify the ISO/IEC 27002 guidelines and consequently help your organisation to become and stay compliant with this standard.


Use our software solution to prepare for ISO 27001 certification

The information security management system is an integral part of your organization’s overall management process and structure, and requires interoperability between all departments. To be in a position to obtain your certification, you will require technical tools:

1. Managing responsible governance for compliance with your structure

  • Ready to use or fully customizable: be operational in one to thirty days.
  • Friendly interfaces.
  • Coverage of all your current and future compliance needs.
  • Step-by-step, adapted from beginner to expert.
  • Unlimited users.
  • Tutorials for self-learning the solution.
  • Premium online support.
  • Instant global view of the status of data compliance in the information system and compliance with ISO 27001 requirements.
  • Performance indicators.
  • Dashboards and custom reports.
  • Harmonized working methods.

2. Identification of your compliance status with respect to the requirements applicable to your organization

  • Clarification of complexities by reconciling common requirements, control points and compliance actions with your obligations.
  • Pre-identification of requirements applied by granularity (Organization, Subcontractor, …).
  • Proof of compliance or of non-applicability required for each requirement point.
  • Collaborative audits and controls.

3. Creating and prioritizing actions to be carried out if non-compliant

  • A structured, intuitive and collaborative framework for continuous improvement.
  • Single entry.
  • Automated action plan with pre-populated modifiable recommendations.
  • Managing collaborative compliance actions.
  • Action accountability.

4. Risk management with a regularly reviewed and updated best practice implementation guide

Implementation guide provided for each requirement point.

5. Compliance Documentation to Prove Your Compliance

Mandatory documentation as part of the implementation and certification.

  • Creation of an evidence base for the audit trail and/or certification.
  • Documentary Management Centre.
  • Consistency of documentation.

6. Training and Awareness

  • Team training, with an integrated training register.

7. Compliance Checks and Audits

  • Preparing your audits and/or certification.
  • Collaborative questionnaires.
  • Automatic analysis of results.
  • Guidance in preparing for your certification.

NB: The ISO 27001 solution covers both the ISO 27001 requirements and the ISO 27002 compliance measures. It is accredited by SGS. Finally, it should be noted that the text of the standard and its rights of use are not provided and must be purchased separately.

Smart Global Governance products can be activated independently of each other according to the level of compliance you want to address.

Additional benefits

Smart Global Governance is the operational software solution to automate key processes in Ethics, Compliance and Controls. It can be used for implementation and compliance management with all local and international regulations as well as internal controls and procedures.