Using CyberComply for ISO 27001 compliance
ISO 27001 is a substantial standard, and getting to grips with how compliance and certification affect your organisation can be daunting. CyberComply helps your organisation work towards ISO 27001 certification in a structured and efficient way.
The core of compliance with ISO 27001 is a risk assessment covering the information assets in scope: the organisation's relevant information security infrastructure, data and staff. CyberComply helps you define which assets need to be part of the assessment, and then perform the assessment in a methodical and repeatable way, so that it can be rerun as the organisation changes.
One output of the risk assessment is a list of risks that need to be treated. CyberComply helps you select relevant security measures (called controls) to bring each risk down to a level the organisation is willing to accept; note that certification itself is granted by an external auditor, so the tool supports, rather than guarantees, a successful audit.
Risks need to be managed, which means each risk needs an owner. CyberComply allows you to assign risks to an owner, record the owner's acceptance and track any tasks generated by the risk and its treatment.
ISO 27001 certification requires a Statement of Applicability (SoA): a record of which controls are applicable to the organisation, why any have been excluded, and whether each applicable control is implemented. CyberComply can generate this for you automatically from the risk assessment and the controls you have chosen.
In summary, the main steps in ISO 27001 certification that CyberComply helps you with are as follows:
- Define and record the assets that need to be protected, and thus considered in the risk assessment.
- Perform the risk assessment.
- Choose controls to reduce information security risks to acceptable levels.
- Assign an owner to each risk, record acceptance and create appropriate tasks.
- Prepare the SoA – required for certification.
Updated on: 14/06/2024