ISO 27002 Compliance Lifecycle
The ISO 27002 compliance lifecycle includes the following steps, all automatically enacted by the ProcessGene™ GRC Software Suite:
Lifecycle step |
ISO 27002 activity |
|
ISO 27002 context establishment |
- Definition of ISO 27002 compliance related business processes
- Delineation of process diagrams (optional)
- Definition of assets within the ISO 27002 scope
- Standardization and documentation of ISO 27002 regulations, policies and procedures
|
|
Risk identification |
- Risk description, identification of risk stakeholders
- Risk classification and determination of heat-maps
- Risk assessment and measurement
- Determination of Key Risk Indicators (KRIs)
- Risk tolerance determination
|
|
Control determination |
- Definition of controls to mitigate identified ISO 27002 risks
- Assignment of ISO 27002 control owners
- Scheduling and monitoring ISO 27002 control execution
- Assessment of residual risk levels
|
|
Requirement management |
- Requirement definition
- Automated requirement workflow management
- Requirement fulfillment monitoring
|
|
ISO 27002 audit and remediation |
- Definition and scheduling of ISO 27002 audit plans
- Definition of mechanisms for testing ongoing ISO 27002 compliance
- Collection, analysis and storage of ISO 27002 audit results
- Remediation plan definition, execution and follow-up
|
|
ISO 27002 related incident management |
- Incident recording
- ISO 27002 related incident handling (using scheduled workflows)
- ISO 27002 related incident analysis and reporting
- Incident monitoring and follow-up
|
|
ISO 27002 certification |
- Hierarchal ISO 27002 certification process determination
- Establishment of an automated ISO 27002 certification process
- Monitoring and reporting ISO 27002 certification status
- Archiving ISO 27002 certification history
|
|
Multi-Org management |
- Determination of a global ISO 27002 compliance baseline with mandatory components
- Establishing a workflow for examining local (subsidiary) variants
- Enforcement of enterprise guidelines, regulations and frameworks within subsidiaries
- Control ISO 27002 compliance level both locally (per subsidiary) and globally from a central HQ cockpit
|
|
|
|
The ProcessGene™ ISO 27002 Software UsersThe ProcessGene™ ISO 27002 compliance software provides value to the following users:
- C-level management (CEO, CFO, CIO, CRO, COO)
- Board of directors
- Compliance officers
- Internal auditors
- ISO 27002 compliance managers
Continue to: Related Regulations >
|