ISO 27001 Software as a Service (SaaS)
ISO Manager is an all-in-one digital command center designed specifically to manage an ISO 27001 Information Security Management System (ISMS), including all of its legal, regulatory and contractual requirements. It's fast, flexible, reliable and scalable for organizations of any size. ISO Manager is designed to be the simplest and most comprehensive ISO 27001 software available. Now you can certify an organization of any size for a few thousand dollars per year.
- Do-It-Yourself – ISO 27001 implementation and management system
- Includes a free ISO 27001 toolkit (MS Word, Excel and Visio templates)
- Everything you need to implement, certify and manage ISO 27001
- Instant access to software updates, improvements and additions
- All modules included at one low, affordable price
- Free 15 day trial
Governance, Risk & Compliance (GRC) Mapping Solution
We've made it simple. Now you can manage GRC compliance automatically just by completing the risk assessment module. ISO Manager automatically maps all low-level controls to your GRC requirements, making it easy to track compliance in a single step. Here are the GRC defaults in the software:
Legal / Regulatory Compliance
- FISMA – Federal Information Security Management Act
- GLBA – Gramm-Leach-Bliley Act (Safeguards Rule)
- HIPAA/HITECH – Health Insurance Portability and Accountability Act
- Add your own Legal / Regulatory Compliance Requirements
Contractual Compliance includes (but is not limited to):
- CSA – Cloud Security Alliance
- PCI DSS – Payment Card Industry Data Security Standard
- SOC 1 (SSAE 16) – Service Organization Controls (Statement on Standards for Attestation Engagements No. 16)
- SOC 2/3 – Service Organization Controls (Security, Availability, Processing Integrity, Confidentiality, Privacy)
- GDPR – General Data Protection Regulation (EU privacy requirement)
- Add your own Contractual Compliance Requirements
Task Manager
Calendar Management System
- Task Reminders, Notifications, Processing
- Manage Clauses 4-10
- Manage Risk Treatment Plan (RTP)
- Manage Control Tasks
- Manage GRC Compliance & Mapping
- Manage Corrective Actions
- Manage GRC Audit Program
4 – Context of the Organization
- Needs & Expectations of Interested Parties
- Interfaces & Dependencies
- Scope of Registration
- Locations within the Scope
- Compliance (legal / regulatory & contractual)
5 – Leadership
- Information Security Policy
- Management Objectives
- Roles, Responsibilities & Authorities
6 – Planning
Risk Management
- Methodology (Risk Assessment Approach)
- Asset Inventory
- Risk Assessment Process
- Risk Treatment Plan (RTP)
- Statement of Applicability (SOA)
7 – Support
- Resources
- Competence
- Training and Awareness Program
- Communication Plan
- Control of Documents
- Control of Records
8 – Operation
- Second and annual risk assessments
- Control Development & Implementation
- Policies, Processes and Procedures
- GRC Compliance & Mapping
- Service Agreements
- Operational Level Agreements (OLA)
- Service Level Agreements (SLA)
- Business Continuity Management (BCM)
- Business Impact Analysis (BIA)
- Business Continuity Plan (BCP)
9 – Performance Evaluation
Monitor & Measure (metrics)
- Policies, processes and procedures
- Training & awareness
- Business continuity
- Objectives
- Compliance
Audit Program
- Audit Plan
- Internal Audits
- External Audits
- Service Audits (OLA / SLA)
Management Review
- Meeting Minutes
- Meeting Records
10 – Improvement
Non-Conformities & Corrective Actions
- Corrective Action Plan
- Corrective Action Record
- Task Management