ISO 27001 is an internationally recognised certification standard for information security management systems.
It provides a best practice framework for establishing, implementing, maintaining and improving an organisation's information security management system (ISMS).
Organisations that choose to adopt ISO 27001 are able to:
Solution Features & Benefits
> Audit-ready ISO 27001 report, out-of-the-box compliance reports.
> Receive real-time reports reflecting any changes made in the firewall and VPN configuration.
> View risky firewall and VPN rules relative to the standards.
The ISO 27001:2005 Control Objectives are comprehensive security best practices that extend beyond traditional information security protection. ISO 27001:2005 control objectives include physical security, business continuity, and compliance controls, including:
A.5 Security Policy
A.6 Organisation of Information Security
A.7 Asset Management
A.8 Human Resources Security
A.9 Physical Environmental Security
A.10 Communications and Operations Management
A.11 Access Control
A.12 Mobile Computing and Teleworking
A.13 Technical Vulnerability Management
A.14 Business Continuity Management
A.15 Compliance
SecureNet Consulting can address all 11 of these control objectives and complies with all the requirements.
| ISO Section | Solution Provided | Requirement Rating |
|---|---|---|
| 8 | Required | |
| 8 | Strongly Recommended | |
| 11 & 12 | Centralised Logging | Strongly Recommended |
| 6, 7, & 11 | Required | |
| 11 & 12 | 24 Hours for Critical Updates | |
> Access control
Appropriate access controls are maintained, with information protected against unauthorised access.
> Real-time Threat Monitoring and Analysis
> Incident Management
An incident management process is in place for quick response to information security breaches or incidents.
> Business continuity
A business continuity management framework and business continuity plan are in place to counteract interruptions to business activities and to protect critical business processes from the effects of major failures or disasters. These plans are subject to regular testing to validate their effectiveness.
> Audit & Compliance Reporting
An on-going compliance and monitoring mechanism is in place.
All breaches of information security, actual or suspected, are reported to and investigated by the relevant Security team, recorded in an incident report, and reviewed by Security Services senior management.
> Managed Services
- Enforces on-going reviews to drive continuous improvement to the security management system.
- Ensures that information security activities are recorded and are auditable.
- Raises the level of security and awareness of best practices through continuous training.
- Meets customer contractual and service level requirements for ISO 27001 compliance.
- Incorporates report coverage for customers and suppliers, saving them from having to allocate time, budget, and resources to conduct independent audits.
Contact us today to discuss your requirements in more detail.
P: +44(0)7714 209927
S: +44(0)1273 329753
info@securenetconsulting.co.uk