For organisations that are serious about improving their information security posture and reducing cyber risks, ISO/IEC 27001 is a commonly adopted voluntary global standard for information security compliance. Providing a consistent benchmark to measure information security best practice across different entities, ISO 27001 engenders a level of trust that can generate real competitive advantage.
NETconsent supports adherence to ISO 27001 through:
Simplicity and convenience – no software installation required by the end user, resulting in minimal deployment and support requirements.
Measuring employee awareness and understanding of each policy – by testing their knowledge to identify training gaps and enable risk mitigation.
The distribution of policies – customised by job type without the administrative burden associated with more traditional record keeping.
Multiple communication options – the end user can access documents in a number of different ways, either voluntarily or by corporate enforcement.
Advanced tracking – real-time management reports that highlight the distribution of policies and flag which users are yet to sign up.
NETconsent also provides a ‘greener’ alternative to paper as policies do not require printing.
What is an ISMS?
An ISMS is a systematic approach to managing sensitive company information so that it remains secure. It includes people, processes, and IT systems by applying a risk management process. It can help small, medium, and large businesses in any sector keep information assets secure.
ISO 27001 requirements
Section 7 of the new ISO 27001:2013 states the requirements for employers to present evidence of competence, awareness, and communication relating to employees. There is also a requirement for documented information, which covers the creation and updating of documented information as well as its control.
About ISO 27001
Created by the International Organization for Standardization (ISO), ISO 27001 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS) for any organisation, regardless of type or size.