ISO 27002



ISO 27002 Compliance Lifecycle

The ISO 27002 compliance lifecycle includes the following steps, all automatically enacted by the ProcessGene™ GRC Software Suite:

Each lifecycle step is listed below with its ISO 27002 activities:
ISO 27002 context establishment
  1. Definition of ISO 27002 compliance related business processes
  2. Delineation of process diagrams (optional)
  3. Definition of assets within the ISO 27002 scope
  4. Standardization and documentation of ISO 27002 regulations, policies and procedures
Risk identification
  1. Risk description, identification of risk stakeholders
  2. Risk classification and determination of heat-maps
  3. Risk assessment and measurement
  4. Determination of Key Risk Indicators (KRIs)
  5. Risk tolerance determination
Control determination
  1. Definition of controls to mitigate identified ISO 27002 risks
  2. Assignment of ISO 27002 control owners
  3. Scheduling and monitoring ISO 27002 control execution
  4. Assessment of residual risk levels
Requirement management
  1. Requirement definition
  2. Automated requirement workflow management
  3. Requirement fulfillment monitoring
ISO 27002 audit and remediation
  1. Definition and scheduling of ISO 27002 audit plans
  2. Definition of mechanisms for testing ongoing ISO 27002 compliance
  3. Collection, analysis and storage of ISO 27002 audit results
  4. Remediation plan definition, execution and follow-up
ISO 27002 related incident management
  1. Incident recording
  2. ISO 27002 related incident handling (using scheduled workflows)
  3. ISO 27002 related incident analysis and reporting
  4. Incident monitoring and follow-up
ISO 27002 certification
  1. Hierarchical ISO 27002 certification process determination
  2. Establishment of an automated ISO 27002 certification process
  3. Monitoring and reporting ISO 27002 certification status
  4. Archiving ISO 27002 certification history
Multi-Org management
  1. Determination of a global ISO 27002 compliance baseline with mandatory components
  2. Establishment of a workflow for examining local (subsidiary) variants
  3. Enforcement of enterprise guidelines, regulations and frameworks within subsidiaries
  4. Control of the ISO 27002 compliance level both locally (per subsidiary) and globally from a central HQ cockpit

The ProcessGene™ ISO 27002 Software Users

The ProcessGene™ ISO 27002 compliance software provides value to the following users:
  1. C-level management (CEO, CFO, CIO, CRO, COO)
  2. Board of directors
  3. Compliance officers
  4. Internal auditors
  5. ISO 27002 compliance managers


