ISO/IEC 27002 Software


Solution & Benefits Lifecycle Related Regulations

ProcessGene™ ISO/IEC 27002 Software – Introduction

The ProcessGene™ GRC software suite provides a complete solution for ISO/IEC 27002 compliance. The ISO/IEC 27002 software is implemented within days, immediately creating compliance visibility and centralized control.

The ISO/IEC 27002 software establishes an automated workflow that reduces the time and cost of compliance enforcement and eliminates manual labor, maintenance of multiple excel spreadsheets, etc. ProcessGene™’s ISO/IEC 27002 software is designed for multi-subsidiary organizations, based on our Multi-Org technology.

ProcessGene is acknowledged worldwide as a leading provider of Business Process Management (BPM) software solutions (see Gartner’s report on ProcessGene).

ISO/IEC 27002 Compliance in a Changing Business Environment

In today’s highly regulated environment, enterprises are increasingly strained by regulatory compliance concerns, while at the same time having to promote the ongoing conduct of business. Executive officers are specifically required to demonstrate capabilities for effective regulatory compliance, and to ensure corporate transparency and visibility into the business.

ProcessGene™ GRC software provides a complete solution for ISO/IEC 27002 compliance. The ISO/IEC 27002 software is implemented within days, and uses automation to reduce the time and cost of compliance enforcement.

Compliance Challenge

The ISO/IEC 27002 regulation (also known as “ISO 17799 (former name)”, “ISO 27002″) was introduced 2005 by the the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), and has been continually maintained and updated to reflect the dynamic changes in business environment. The ISO/IEC 27002 regulation is aimed at establishing guidelines and general principles for initiating, implementing, maintaining, and improving Information Security Management Systems (ISMS) within an organization. It outlines hundreds of potential controls and control mechanisms, which may be implemented, in theory, subject to the guidance provided within ISO 27001. ISO/IEC 27002 applies to all organizations that use IT systems to operate their business.

ISO/IEC 27002 divides the scope of information security into three aspects (the C-I-A triad):

  1. Confidentiality – ensuring that information is accessible only to authorized users
  2. Integrity – safeguarding the accuracy and completeness of information and processing methods
  3. Availability – ensuring that authorized users have access to information and associated assets when required

ISO/IEC 27002 provides a guide for the development of “organizational security standards and effective security management practices and to help build confidence in inter-organizational activities”. The standard contains the following twelve main sections:

  1. Risk Assessment and Treatment
  2. Security Policy
  3. Organization of Information Security
  4. Asset Management
  5. Human Resources Security
  6. Physical Security
  7. Communications and Ops Management
  8. Access Control
  9. Information Systems Acquisition, Development, Maintenance
  10. Information Security ISO 27002 Incident Management
  11. Business Continuity
  12. Compliance

Ensuring compliance with the ISO/IEC 27002 regulation is an important organizational task, which requires ongoing management of compliance data. The compliance process is continuous and needs to be repeated periodically and closely monitored. Managing officers are personally responsible to maintain the ISO/IEC 27002 compliance, and this responsibility requires significant management attention and allocation of time and effort. Beyond self assessments or assessments of compensated third parties (such as accounting auditors or regulation consultants), the organization may also confront other external audits that show little if any tolerance to deficiencies. The ProcessGene credo in this matter is that objective compliance data, maintained by the organization itself, has much higher value than opinions of compensated third parties. We also believe that only an ongoing, continuous process can ensure actual compliance and audit clearance.

Compliance Challenge for Multi-Subsidiary Organizations

Multi-subsidiary organizations are confronting even more complex compliance challenges, due to differences between the business processes and operational characteristics of subsidiaries. Hence, the management and communication of ISO/IEC 27002 compliance in a multi-subsidiary environment becomes an extremely complex task when managed manually or by tools that are not specifically designed for Multi-Org operations.

ISO/IEC 27002 Compliance with the ProcessGene™ GRC Software Suite: Solution & Benefits

ProcessGene™ GRC software provides a complete solution for ISO/IEC 27002 compliance. Our Multi-Org software solution automates the ISO/IEC 27002 compliance lifecycle and offers the following benefits:

  1. Very fast implementation, the ISO/IEC 27002 software is up and running within days
  2. The ISO/IEC 27002 software is based on Multi-Org technology, designed for ISO/IEC 27002 compliance in multi-subsidiary organizations
  3. The ISO/IEC 27002 software features full automation of the ISO/IEC 27002 compliance process using the ProcessGene™ BPM workflow engine, making it the most powerful system in the industry – yet the most intuitive and user friendly
  4. The ISO/IEC 27002 software features central cockpit with dashboards for data analysis and diagnostics- showing quantitative ISO/IEC 27002 compliance fulfillment levels
  5. The ISO/IEC 27002 software features easy and fast access to objective evidence used for external audits
  6. The ISO/IEC 27002 software features direct connectivity to ERP systems (e.g. SAP / Oracle) and ability to extract and process data in real time, and run automated tests
  7. The ISO/IEC 27002 software covers not only ISO/IEC 27002 compliance but also hundreds of other regulations and frameworks – all within the same framework
  8. The most seasoned and comprehensive SaaS (Software as a Service) solution in the GRC domain (see Gartner’s report on ProcessGene)
  9. The ISO/IEC 27002 software improves the quality of ISO/IEC 27002 internal audits and self-assessments

ProcessGene™ “Multi-Org” Technology

ProcessGene™ has been a pioneer and global leader in Multi-Org technology. During the past decade we have mastered a unique expertise in providing software solutions to multi-subsidiary organizations worldwide (see Gartner’s report on ProcessGene). Our ISO/IEC 27002 compliance software has been specifically designed for multi-subsidiary organizations and it features the most comprehensive solution for complex, distributed compliance challenges. Read more about ProcessGene Multi-Org technology.

Screenshots

Project Steps

Process Flowchart

Risk Heat-Map

Risk and Control Dashboards

Controlled vs. Residual Risk Levels

IT Connectivity

Inter-Subsidiary Comparison

Control Dashboards



Continue to: Lifecycle >