Guide to ISO/IEC 27001:2022 – Information Security Management
What is ISO 27001 information security management?
ISO/IEC 27001 is the international standard for information security management. Part of the ISO 27000 series, ISO 27001 sets out a framework for all organisations to establish, implement, operate, monitor, review, maintain and continually improve an ISMS (information security management system). Certification to the ISO 27001 standard is recognised worldwide as proof that your organisation’s information security management is aligned with

Using CyberComply for ISO 27001 compliance
ISO 27001 is a substantial standard, and getting to grips with how compliance and certification affect your organisation can be daunting. However, CyberComply can help your organisation certify to ISO 27001 quickly and efficiently. The core of compliance with ISO 27001 is a risk assessment that covers the organisation’s relevant information security infrastructure, data and staff. CyberComply will help you define which items need to be part of the assessment, and then perform the assessment in

Statement of Applicability
A Statement of Applicability (SoA) is a document that is required for certification to ISO 27001. The SoA must contain the following information:
• A list of information security controls selected to mitigate risk.
• Justifications for the inclusion of the selected controls.
• Confirmation of whether the controls are fully implemented.
• Justifications for excluding any of the ISO 27001 Annex A controls.
CyberComply can automatically generate the SoA from data that you have entered. Cr

Risk assessment
The core of compliance with ISO 27001 is a risk assessment. CyberComply can perform scenario-based, asset-based and mixed risk assessments, but the requirements of ISO 27001 generally mean that an asset-based approach is best. Before performing an asset-based risk assessment, an organisation needs to define and record its assets as described in the previous section. Once the assets are within CyberComply, the risk assessment can be done. Click the Menu button and then Risks to start.

Assets
CyberComply allows you to perform asset-based, scenario-based and mixed risk assessments. You must pick one of these options for each assessment you create. Asset-based risk assessments are concerned with risks to a particular asset, such as a building or a store of personal data. They are specific to the asset and the other assets associated with it (such as the staff and equipment in a building). You will have access to the assets risk library for risks defined in this kind of assessment.

Asset classes
Asset classes offer a way to group related assets together for easier viewing and risk assessment.
[Image: Asset classes page]
The typical asset types are hardware, software, data, personnel and facilities. If you have a lot of hardware, you may want to define different hardware types as asset classes, such as network devices, desktop computers, servers, mobile devices, storage, etc. If you have a lot of softwa

Risk response
When risks have been identified using a risk assessment, an organisation needs to respond to them. The four ways of responding to a risk are as follows:
• Tolerate – accept the risk as it is. This might be because the risk is small enough to be tolerable or because other responses would not be cost-effective.
• Transfer – pass the risk to another party. This can be done through outsourcing or insurance.
• Avoid – stop doing the activity that creates the risk. This can happen if the pot