A survey titled “The 2013 Information Security Breaches Survey” from the Department of Business Innovation & Skills indicates that ISO 27001 is barely adopted by organizations due to a few barriers. The survey highlights that only 25 percent of respondents have completely implemented ISO 27001, and a similar number haven't started, nor do they intend to.
In an effort to help organizations adopt ISO 27001, SureCloud, a supplier of cloud-based IT governance, risk and compliance (GRC) solutions, announced that it has augmented its cloud-based GRC platform to include process support for ISO 27001.
For those unaware, ISO 27001 is an industry standard for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system (ISMS).
Often organizations do not have in-house knowledge and expertise to take up ISO 27001 certification, nor do they know where to start. Some seek help from external consultants, self-help groups or forums, but usually there is no real structured guidance. This has created a barrier to adoption of ISO 27001 for many organizations, especially smaller firms.
Another key hurdle to adoption of ISO 27001 certification is that implementation of an ISMS is manual, based on Microsoft Word documents or Excel spreadsheets. Consequently, the systems tend to be unwieldy, do not scale, lack auditability and are extremely labor-intensive to operate and maintain.
With SureCloud adding IT process automation functionality into its GRC platform, organizations will be able to meet their ISO 27001 compliance obligations hassle-free.
Described by SureCloud as ISO 27001-in-a-box, the newly added feature automates the entire process of establishing, managing and monitoring an ISMS. This includes processes to establish the ISMS, such as asset management, information classification, risk assessment and risk treatment, and also processes to support ISO 27002 controls, such as third-party management, end-user provisioning and incident response.
In addition, the latest feature also incorporates an integrated evidence library that provides centralized records management, and user-definable dashboards. These provide a role-based view to ensure efficient compliance.
Richard Hibbert, CEO of SureCloud, said in a statement, "SureCloud's ISO27001-in-a-box solution provides organizations of all sizes with a more robust approach to information security management and allows them to more effectively manage their security posture."
Hibbert added, "Our series of ready-to-go process templates based on electronic forms, workflows and dashboards allow users to complete their information assurance programs up to 50 per cent faster than with any manual approach. Additional benefits come with savings in resources and training, with the ability to start small and scale up across many different areas of the business over time, whilst ensuring important domain expertise is kept within the organization."
Edited by Peter Bernstein