Skip to main content

Set a meeting with us at Gartner Security & Risk Management Summit

5-7 June 2023

|

National Harbor, MD

Meet With Us

ISO/IEC 27001 Compliance Solutions

Monitor insider activity. Detect anomalies. Respond to incidents. ALL-IN-ONE

Access the Demo Portal Get in Touch

The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) are world-renowned organizations that issue industry-specific standards. For information security management, they established the ISO/IEC 27000 family of standards that provides organizations with requirements, best practices, and recommendations for ensuring full-scale data security.

The ISO 27001 standard specifies requirements for information security management systems (ISMSs). It includes 14 major controls that describe policies and processes for managing and protecting data.

Ekran System® has obtained ISO 9001 and ISO 27001 certifications for its Quality Management System and Information Security Management System

Who needs to comply with ISO 27001?

ISO 27001 certification is completely voluntary and can be obtained by any company that has an information security management system. Despite being optional, however, the implementation of ISO 27001 requirements one of the most popular ones according to Gartner. The reason behind this popularity is the vast number of benefits this certification can bring to an organization.

Benefits of complying with ISO 27001

01

Implement the best cybersecurity measures

02

Validate data security effectiveness for customers and stakeholders

03

Prevent Data and reputational losses

04

Gain a competitive advantage

A lot of ISO 27001 requirements align with other requirements such as those imposed by the GDPR and NIST. To get certified, you need to contact your local ISO 27001 certification body, pass an initial audit, and prove your compliance with yearly surveillance audits. Deploying dedicated software such as Ekran System eases the audit process and helps you pass it successfully.

ISO 27001 major controls

A.5. Information security policies

A.6. Organization of information security

A.7. Human resource security

A.8. Asset management

A.9. Access control

A.10. Cryptography

A.11. Physical and environmental security

A.12. Operation security

A.13. Communications security

A.14. System acquisition, development and maitenance

A.15. Supplier relationships

A.16. Information security incident management

A.17. Information security aspects of business continuity management

A.18. Compliance

Ekran System can help your organization comply with ISO 27001 by providing you with tools for monitoring and logging user actions, managing access to sensitive resources, responding to security events, and auditing suspicious activity.

Also, Ekran System’s own quality management system and ISMS comply with ISO 9001 and ISO 27001.

Download White Paper

Implementing ISO 27001 controls with Ekran System

Ekran System is an all-in-one insider threat management solution that covers six of the most important ISO 27001 controls:

Become ISO 27001 compliant with Ekran System

Administrative safeguards

Organization of information security

Asset management

Access control

Operations security

Supplier relationships

Information security incident management

Technical safeguards

Role-based access control
Remote user monitoring

USB device management

Identity management and access control
Password management

User activity monitoring

Third-party vendor monitoring

Auditing and reporting

Organization of information security. Deploying Ekran System helps you establish a cybersecurity management framework. This platform provides you with the means to grant access privileges and monitor the activity of regular users, privileged users, and remote employees. By doing so, you’ll be able to meet the following requirements:

  • A.6.1.2. Segregation of duties
  • A.6.2.2. Teleworking

Asset management. You can detect, manage, manually or automatically approve, and block any connection of a USB device to an endpoint monitored with Ekran System. This functionality covers the following control:

  • A.8.3.1. Management of removable media

Access control. Ekran System provides you with a robust access control and management toolset that includes an access request and approval workflow, secondary authentication, multi-factor authentication, and time-based access restrictions. With these tools, you’ll be able to granularly control access, manage user rights in a few clicks, and detect and stop security violations in real time.

Ekran’s password management functionality securely handles user credentials and secrets, providing an additional level of access protection.

This set of access management tools helps you comply with such ISO 27001 requirements:

  • A.9.1.2. Access to networks and network services
  • A.9.2.3. Management of privileged access rights
  • A.9.2.4. Management of secret authentication information of users
  • A.9.2.5. Review of user access rights
  • A.9.2.6. Removal or adjustment of access rights
  • A.9.4.1. Information access restriction
  • A.9.4.2. Secure log-on procedures
  • A.9.4.3. Password management system

Operations security. User activity monitoring is one of the core functionalities of Ekran System. This solution monitors and logs each user action on protected endpoints and couples context-rich recordings with searchable metadata: names of opened files and folders, connected USB devices, accessed URLs, executed commands, etc. Monitoring data is protected with AES-256 encryption and is easy to review and analyze. All encryption algorithms use FIPS 140-2 certified encryption implementations. With this functionality, you can implement these controls:

  • A.12.1.2. Change management
  • A.12.4.1. Event logging
  • A.12.4.2. Protection of log information
  • A.12.4.3. Administrator and operator logs
  • A.12.7.1. Information systems audit controls

Supplier relationships. With Ekran System, you can monitor the activity of third-party vendors just as easily as the activity of your own employees. The software logs their activities, manages access, and controls privileges. Vendor actions can be reviewed online or in records. This functionality corresponds to the following control:

  • A.15.2.1. Monitoring and review of supplier services

Information security incident management. Being a full-cycle cybersecurity platform, Ekran System provides you with the means to detect and respond to cybersecurity incidents. You can assess suspicious user actions online, educate users on security violations, and block suspicious processes, sessions, or users. After an event, you can review and analyze logs, generate reports on the event, and export data for forensic investigation. Using Ekran System, you can implement these ISO 27001 security controls:

  • A.16.1.2. Reporting information security events
  • A.16.1.4. Assessment of and decision on information security events
  • A.16.1.5. Response to information security incidents
  • A.16.1.7. Collection of evidence

For more information on ISO 27001 compliance with Ekran System, take a look at this white paper.

Download White Paper

Meet other IT security standards with Ekran System

ISO 2700

PCI DSS

SWIFT CPS

SOX

FISMA

GDPR

NIST 800-53

NIST 800-171

NERC

GLBA

NISPOM Change 2 and H.R. 666

SOC 2

Let’s get the conversation started

Contact our team to learn how our insider risk management software can safeguard your organization’s data from any risks caused by human factors. Book a call with us at a time that suits you best, and let’s explore how we can help you achieve your security goals.

Get in Touch