ISO/IEC 27001 From an Auditor's Perspective

For many organizations, compliance with data security standards doesn't seem to be getting easier. IT security compliance efforts are forever competing with projects that may or may not address information security threats, operational vulnerabilities and daily business risks. These compliance projects often lose the battle for resources and funding.

However, in any industry where compliance is an issue, organizations cannot afford to ignore it. Sooner or later, such organizations will be required to demonstrate that they have the appropriate internal IT controls in place that minimize the risk of fraud and/or data breach.

You can get ahead of the game by understanding your control objectives and selecting solutions that ensure consistency of foundational, high-performance processes, such as managing user identities, roles, group memberships and related attestation reviews. Effectively managing user identities and entitlements can satisfy multiple control objectives, thereby enabling your organization to achieve and demonstrate compliance while also automating compliance-related tasks.

Although the control objectives prescribed in ISO/IEC 27001 represent only a portion of the data security compliance obligations faced by many organizations, the standard is one of the most widely used information security management frameworks worldwide.

Anonymous