ISO/IEC 27001

Overview

The ISO/IEC 27001 standard was developed for organisations that want to manage and protect their critical information assets and to give confidence to customers, consumers, shareholders, authorities and any other interested party. Identifying and classifying the organisation's assets, and periodically assessing the risks arising from threats and vulnerabilities, allows the right controls to be selected and the resulting risks to be managed appropriately, preserving the confidentiality, integrity and availability of valuable information assets.

The ISO/IEC 27001 standard is designed to protect the valuable information assets of an organisation by providing a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS). The standard consists of a set of requirements that define the ISMS; meeting them is required for certification, and they are used to demonstrate compliance through a certification or audit process.

ISO/IEC 27001 Compliance Program

The ISO/IEC 27001 Compliance Program is designed to answer the questions raised by any organisation that wants to protect its critical information assets and implement an Information Security Management System (ISMS) while evaluating and selecting products to support the ISO/IEC 27001 requirements. The Compliance Program provides validated evidence about a product's features and capabilities in support of those requirements.

ISO/IEC 27001 compliance testing and analysis cover several aspects of the product, including:

  • Compliance effectiveness
  • Product capability support
  • Compliance with other management system standards
  • Management and usability
  • Suitability for use and recommended configuration
  • Product roadmap

ISO/IEC 27001 Compliance Testing Criteria

Compliance testing is conducted by trained analysts against the ISO/IEC 27001 Compliance Program criteria, as well as against Compliance Labs' functional and quality assurance requirements. The Compliance Program criteria are derived from the ISO/IEC 27001 requirements as seen from the Lead Auditor and Lead Implementer perspective, from organisations' needs, and from queries raised by numerous specialists, including vendors of the affected products, developers, users and industry groups. The compliance analyst reports the results of each phase of testing in the Reports of Compliance, and also documents the product components submitted by the vendor and the configuration of the product as evaluated.

Continuous Evaluation Process

Compliance Labs developed the continuous evaluation process as a fundamental part of the ISO/IEC 27001 Compliance Program. The continuous evaluation process monitors new compliance requirements and best practices and updates the testing criteria accordingly, driving product compliance effectiveness and quality over the long term.
