ISO 27001

The ISO 27001 framework is the internationally recognized best practice framework for an Information Security Management System (ISMS). It is applicable to all organizations, irrespective of size, type or nature.

The Standard requires organizations to identify information security risks and select appropriate controls to tackle them. There are 114 ISO 27001 controls, divided into the following 14 domains:

  • A.5 Information security policies – controls on how policies are written and reviewed

  • A.6 Organization of information security – controls on how responsibilities are assigned

  • A.7 Human resources security – controls before, during, and after employment

  • A.8 Asset management – controls related to inventory of assets and acceptable use

  • A.9 Access control – controls for the management of access rights of users, systems and applications

  • A.10 Cryptography – controls related to encryption and key management

  • A.11 Physical and environmental security – controls defining secure areas, entry controls, protection against threats, equipment security, etc.

  • A.12 Operational security – lots of controls related to the management of IT production

  • A.13 Communications security – controls related to network security

  • A.14 System acquisition, development and maintenance – controls defining security requirements

  • A.15 Supplier relationships – controls on agreements and monitoring suppliers

  • A.16 Information security incident management – controls for reporting events and weaknesses

  • A.17 Information security aspects of business continuity management – controls requiring the planning of business continuity

  • A.18 Compliance – controls requiring the identification of applicable laws and regulations

Organizations aren’t obliged to implement ISO 27001’s controls. They’re simply a list of possibilities to be considered based on an organization’s requirements. However, compliance will demonstrate to customers, governments, and regulatory bodies that your organization is secure and trustworthy.

CyGov delivers streamlined, automated data collection and analysis, prioritized remediation guidance and real-time customized scoring to meet the ISO 27001 framework, both for companies that choose to use it as a risk framework and for those that want to prepare for full compliance with ISO 27001.

CyGov has mapped ISO 27001 back to its control inventory, allowing data to be shared across multiple frameworks through the platform, which saves time and money and produces more accurate data. Through the CyGov platform, organizations can gain full visibility into their cyber risk levels and compliance.


© 2020 by CyGov Tech