ISO 27001- Controls Automation

Eliminate manual effort across assessments by up to 90% and meet compliance continuously against all frameworks or standards.

The safeguards and controls recommended by ISO 27001 are there to help you mitigate security risks throughout your organization. CyberSaint does this for you automatically.

Types of ISO 27001 Controls

There are fourteen types of controls in Annex A of ISO 27001. They are listed below, with a brief description of each.

1. Information Security Policies - ensures that all information security policies are created and updated according to best practices.

2. Organization of Information Security - establishes a framework for implementing information security protocols and ensures that remote workers or those using corporate mobile devices follow security guidelines.

3. Human Resource Security - ensures all employees and contractors understand security practices and their responsibilities before, during, and after employment with the company.

4. Asset Management - identifies information assets and defines and assigns protection for those assets against unauthorized disclosure, modification, removal or destruction.

5. Access Control - ensures proper levels of information access among employees according to their roles.

6. Cryptography - provides data encryption for sensitive content.

7. Physical and Environmental Security - prevents unauthorized access to a company’s physical campus or anywhere sensitive data is stored. Also aims to prevent the loss of hardware, software and other types of equipment or files.

8. Operations Security - ensures security of operations and processing facilities, including risk mitigation, back-up systems, security monitoring and documentation, software integrity, unauthorized access, and audit disruptions.

9. Communications Security - ensures network security and availability.

10. System Acquisition, Development and Maintenance - ensures that IT security remains an integral part of a company’s overall process through any acquisitions or growth and addresses security requirements over public networks.

11. Supplier Relationships - covers third-party contracts and governs IT security and service delivery agreements with vendors.

12. Information Security Incident Management - specifies responsibility for managing and reporting security incidents and responses.

13. Information Security Aspects of Business Continuity - addresses information security continuity in the event of a disruption and reduces redundancies.

14. Compliance - ensures compliance with local regulations and legal requirements while mitigating the penalties and cost of non-compliance.