ISO 17799/27002 Compliance
The ISO 17799/27001 framework is a comprehensive set of controls comprising best practices in information security. It has emerged as the most popular framework for establishing or improving an organization's information security management program. It is organized into the following ten major sections:
- Security Policy
- System Access Control
- Computer & Operations Management
- System Development and Maintenance
- Physical and Environmental Security
- Compliance
- Personnel Security
- Security Organization
- Asset Classification and Control
- Business Continuity Management (BCM)

However, compliance with ISO 17799 and ISO 27001 is taxing without an automated infrastructure that manages security policies across all assets, evaluates and reports on compliance, and improves the compliance of organizational assets with those security policies. The Agiliance IT-GRC platform was designed to address this issue.
Agiliance's Key Capabilities:
- Maintain a repository of all relevant assets (hardware, software, physical IT infrastructure, IT processes) that affect EPHI. Asset information can either be imported from external systems or populated through asset discovery technology. The system supports a comprehensive asset data model to document relationships between assets, organizations, processes and people.
- Leverage surveys to identify how critical an asset is to maintaining the integrity and confidentiality of EPHI, and then assess its overall risk.
- Maintain a library of controls by leveraging a popular framework such as ISO 17799/27001.
- Provide an infrastructure for assessing compliance with controls.
- Automate the process of distributing and collecting periodic surveys and self-assessments to evaluate compliance.
- Integrate with monitoring tools, comparing asset configuration against controls and policies to identify non-compliance on a continuous basis.
- Report on asset compliance scores, both for status reporting and as evidence of compliance for internal and external auditors.
- Compute an asset's composite risk score based on multiple criteria, including the business impact of its impairment, its compliance with policies (including security policies), and its vulnerability as reported by external feeds. The risk score allows users to prioritize which non-compliant assets need to be remediated first.
- Trigger the remediation process.