
2010

Information security compliance

Ben oguntala www.riesgoriskmanagement.com 2/23/2010

ISO27001 compliance tool


Introduction

The ISO27001 compliance tool has been developed to assist Information Security Managers or Consultants in keeping track of their organisation's level of compliance with the ISO27001 standard, or in offering a managed service to clients. Although the tool can be used for ISO27001 certification, its purpose is to assist organisations to maintain compliance with the standard (i.e. working to the spirit of the standard). The unique selling point of the Riesgo Risk Management ISO27001 compliance tool is that it was designed by Information Security Managers with years of experience of the problems Information Security Managers face on a day-to-day basis with compliance with the standard. The designers have addressed these problems in the modules, enabling the Information Security team to gain control of the challenges they face and aid their resolution.

The key features of the tool: the key accounts

IS Policy Manager
IS Manager
Data Protection Officer
Freedom of Information Officer
Internal/External Auditors
Business unit Security Representatives

www.riesgoriskmanagement.com

The organisational chart

Each Business unit Security Representative will have access to the tool, allowing them to participate in all the Information Security related activities.

Managing users

A simple interface to manage user accounts; it provides an easy means of registering and deregistering users.

Regulation compliance

Although the tool is designed to address compliance with ISO27001, the principles are compatible with the following regulatory or industry compliance standards:

SOX compliance
Data Protection Act
Freedom of Information Act
PCI DSS

The principles covered also include UK government GSI accreditation. This is of particular importance to public sector organisations that have to submit for annual GSI accreditation in order to use the GSI network. GSI accreditation is fairly similar to the ISO27001 standard and the principles overlap.

Each user from the Business units can be authenticated with their email address and, once the account is no longer required, can easily be deregistered by the administrator.

Www.riesgoriskmanagement.com | info@riesgoriskmanagement.com ISO 27001 compliance tool Riesgo Risk management is a service of Mateo Isabella, a UK registered limited company.

Key principles

ISMS forum

This represents your organisation's management structure in support of Information Security principles. The tool is designed to capture the information security issues that need management approval in order to be resolved, as well as growing trends drawn from the incident register, risk register or audit register.

Information security policy

The Information Security policy is linked to the Information Asset register and the Incident register, and a risk register manages all associated risks for your organisation.

IS policy manager

Maps National (Group or HQ) policies to Local policies and on to Departmental policies. It also assigns a responsibility for each associated procedure. All policies and procedures have dates associated with them and an automatic review date (3/6/9/12 month review dates).

Information Asset register

A register of Information Assets listed according to each business unit. Each asset is given an automatic Asset ID, risk index and classification. It also records the asset owner, format and any risk register entries or audit non-compliances.

The Information Security Manager will be able to see all information assets for all business units, whilst each business unit is limited to its own information assets.

Incident register

Each Business unit will be able to register Information Security incidents that occur within their Business unit. The Information Security Manager is automatically notified and the incident is stored on the register until it is resolved.

Data Protection Officer subject access requests

For Information Security departments that are also responsible for Data Protection compliance, or for organisations that have a dedicated Data Protection Officer, the tool has a Subject Access Request dashboard. It stores all Subject Access Requests and tracks each request until a response is issued.

Risk register

The risk register allows your organisation to record the risks found in the organisation with the aim of resolving them. Assets that pose risks will have their owners associated with the risk register entry to aid resolution of the risk. As risks are resolved, they are moved to the archive.

Freedom of Information (FOI) request

Contact details

Ben Oguntala
Ben.oguntala@riesgoriskmanagement.com
Tel - +44 7812039867

For Security consultants interested in providing an ISO27001 compliance managed service for their clients, we can arrange a multi-client solution. Please call or email Ben Oguntala for more information.
