27k1 ISMS Product Information
The 27k1 ISMS has been designed and developed in accordance with the ISO 27001 standard by Information Security professionals and has evolved through practical feedback received from ISO 27001 practitioners.
The 27k1 ISMS allows any company to identify all Information Security assets, assess their values and quantify any risks, threats and vulnerabilities to which these assets may be exposed.
During the ISO 27001 planning stage it is important to document and approve the security policies, since the information in these policies is fundamental to an ISMS.
27k1 ISMS configuration allows these settings to be assigned. The example screenshot shows an information classifications template which can be configured in accordance with your policies.
An ISO 27001 GAP analysis can often be a time-constrained exercise, with little time allocated to complete it.
The GAP Manager module is designed for Implementers to assess and allocate each security control in a fast and efficient manner.
Completing a GAP project allows another GAP project to commence. The results of the GAP are reported and shown against the selected control during the risk treatment process, located in the Risk Manager module.
It is important for any ISMS system to accommodate the importation of asset data. The 27k1 ISMS facilitates this by importing data into a “safe area” for quarantine. Once the imported information has been vetted within the application, the imported assets are transferred into the asset library.
Where assets of a similar security type exist (for example, finance department laptops), these are entered into a defined Asset Group, saving time and effort during the risk assessment.
Control & Document Manager
In the Control and Document Manager, security controls are included in or excluded from your ISMS, mandatory and recommended documents are managed, and documents are assigned to their respective controls.
The Risk Manager is a fully comprehensive asset and business scenario valuation, assessment and treatment solution.
In addition to the risk and vulnerability assessment of assets, the system allows you to consider business risk scenarios as well. In the Getting Started module, you can set up the system to suggest multiple threats to assets and their vulnerabilities. Alternatively, you can choose to select asset vulnerabilities and any threats to which they may be exposed. The system has been developed with numerous examples of threats and vulnerabilities to enable you to choose those that may apply to an Information Security asset or allow you to submit your own. Either way, this consistent approach is then used to apply a scored assessment and treatment plan for the asset. This screenshot shows the Threat then Vulnerability methodology.
Project manage the actions decided from the risk treatment process. Apply projected costs and timescales in order to prioritise the project and consider how to allocate your company resources.
Audits and security breaches may identify nonconformances that require corrective actions to be assigned on an ongoing operational basis.
Use our support service to request reports required for your business. If feasible, the reports will be added to the 27k1 ISMS using our fast-track update process.
Automatically generated Statement of Applicability and Risk Treatment plans are included.
27k1 ISMS includes many features to assist your journey to ISO 27001 certification.
In September 2019 we released Version 2 of the 27k1 ISMS, which delivers a host of advanced features. Many are based on the practical and constructive feedback that we have received from our reseller group. We have added audit functionality across a range of system modules, but there is more to see in the latest release, including APIs to cloud-based Document Management systems.
One feature noted here is the ability to offer suggested ISO 27001 controls based on the criteria selected for each type of asset.