IT GRC Software Solution
Adopt best practices to improve accountability and communication

ISO/IEC 27002


ISO/IEC 27002 provides best-practice recommendations for information security management systems (ISMS). It provides a process framework for IT infrastructure governance and allows an organization to develop a control structure that links its IT processes to business requirements. The standard contains the following twelve main sections:

  • Risk Assessment, to determine the vulnerability of assets
  • Security Policy, to set out management direction
  • Organization of Information Security
  • Asset Management, covering the inventory and classification of information assets
  • Human Resources Security, to manage the security aspects of employees joining, moving within and leaving an organization
  • Physical and Environmental Security, for the protection of computer facilities
  • Communications and Operations Management
  • Access Control, to restrict access rights to networks, systems, applications, functions and data
  • Information Systems Acquisition, Development and Maintenance
  • Information Security Incident Management, to anticipate and respond appropriately to security breaches
  • Business Continuity Management, for protecting, maintaining and recovering business-critical processes and systems
  • Compliance, to ensure conformance with information security policies, standards, laws and regulations

Key Benefits of MetricStream IT GRC Solution

  • Out-of-the-box ISO 27001/2 GRC library covering all sections
    • Risk and control assessment questionnaires and surveys for all sections
    • Audit questionnaires
    • Policies and content mapped to sections for faster implementation
  • Integrates with UCF controls to manage updates to the ISO 27002 control framework
  • Harmonizes ISO 27002 controls across multiple IT governance and regulatory compliance programs such as BASEL, AML, PCI and HIPAA, using the UCF control library, for program and cost efficiency
  • Integrates ISO 27002 risks, controls and policies with assets to manage security compliance
  • Supports integration of the ISO 27002 library with Threat, Vulnerability, Identity and IT Operations Management systems to enable a real-time IT governance and compliance program
  • Generates reports for ISO 27002 maturity assessment and heat maps for the overall program