SureCloud® has added IT process automation functionality to help organisations more easily meet their ISO 27001 compliance obligations. ISO 27001 is the recognised industry standard for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS).
One of the chief barriers to more widespread adoption of ISO27001 is that often organisations do not possess the in-house knowledge and expertise, nor do they know where to start. Some may turn to external consultants, self-help groups or forums but usually there’s no real structured guidance, especially for smaller firms. Another issue is that implementing an ISMS tends to be manual, based on Microsoft Word or Excel spreadsheets. As a consequence the systems tend to be unwieldy, do not scale, lack auditability and are extremely labour intensive to operate and maintain.
The 2013 Information Security Breaches Survey from the Department of Business Innovation & Skills highlights the lack of adoption stating that only 25% of respondents have fully implemented ISO 27001, and a similar number haven’t started nor do they intend to. To help, SureCloud is extending its cloud-based GRC Platform to include process support for ISO 27001. Described by SureCloud as “ISO 27001-in-a-box,” the solution automates the entire process of establishing, managing and monitoring an ISMS. This not only includes processes to establish the ISMS such as asset management, information classification, risk assessment and risk treatment, but also processes to support ISO 27002 controls, such as 3rd Party Management, End User Provisioning and Incident Response. Furthermore, an integrated evidence library provides centralised records management, and user definable dashboards provide a ‘role-based’ view to ensure compliance is achieved as efficiently as possible.
“SureCloud’s ISO27001-in-a-box solution provides organisations of all sizes with a more robust approach to information security management and allows them to more effectively manage their security posture,” said Richard Hibbert, CEO of SureCloud. “Our series of ready-to-go process templates based on Electronic Forms, Workflows and Dashboards allow users to complete their information assurance programmes up to 50 per cent faster than with any manual approach. Additional benefits come with savings in resources and training, with the ability to start small and scale up across many different areas of the business over time, whilst ensuring important domain expertise is kept within the organisation. ”