
ISO 27001 Compliance Software

ISO 27001 and ISO 27002 2022 updates
ISO/IEC 27001:2022 – the newest version of ISO 27001 – was published in October 2022.
Organisations certified to ISO/IEC 27001:2013 have a three-year transition period, ending 31 October 2025, in which to make the necessary changes to their ISMS (information security management system) and have them assessed by their certification body.
For more information about ISO 27001:2022, its companion standard ISO 27002:2022 and what they mean for your organisation, see our page ISO 27001 and ISO 27002: 2022 updates.

Information security management system
An ISMS (information security management system) certified to the international standard ISO 27001 demonstrates that your organisation manages its information security in line with international best practice.
IT Governance’s sister company Vigilant Software aims to make data protection, cyber security, information security and risk management straightforward and affordable for all.
Its integrable, cloud-based software tools support each stage of your ISO 27001 compliance journey.
Risk management
According to Clause 6.1.2 of ISO 27001, the information security risk assessment process must:
- Establish and maintain information security risk criteria, including risk acceptance criteria and criteria for performing risk assessments;
- Ensure that repeated risk assessments “produce consistent, valid and comparable results”;
- “Identify risks associated with the loss of confidentiality, integrity and availability for information within the scope of the information security management system”;
- Identify the owners of those risks;
- Analyse those risks, assessing the potential consequences and realistic likelihood of each to determine its level of risk; and
- Evaluate the analysed risks against the established criteria and prioritise them for treatment.
Most importantly, organisations must “retain documented information about the information security risk assessment process” so they can demonstrate that they comply with these requirements.
Manual risk assessment methods are time-consuming and expensive, and often suffer from data and process inconsistencies that undermine the integrity and dependability of their results.