22 Critical Success Factors built into the Assessment Module for Information Security Management (ISO 27001:2013)
Understanding the Organisational Context
Understanding Stakeholder Expectations
Scope of Information Security Management System
Information Security Management System
Leadership and Commitment
Information and Security Policy
Organisational Roles, Responsibilities, and Authorities
Actions to address Risks and Opportunities
Information Security Objectives and Plans
Operational Planning and Control
Information Security Risk Assessment
Information Security Risk Treatment
Monitoring, Measurement, Analysis, and Evaluation
Nonconformity and Corrective Action
The ISO 27001:2013 international standard on Information Security has been prepared to provide requirements for establishing, implementing, maintaining and continually improving an information security management system. The adoption of an information security management system is a strategic decision for an organization. The establishment and implementation of an organization’s information security management system is influenced by the organization’s needs and objectives, security requirements, the organizational processes used and the size and structure of the organization. All of these influencing factors are expected to change over time.
The ISO 27001:2013 Information Security Management Assessment Module within Performax is designed to help organisations ensure continuous compliance with the standard, based on LIVE employee feedback on the key components of the standard. In addition, it presents advanced analytics and collaborative action planning capabilities. There is a 30-day free trial (max. 10 users) available for new customers.
The assessment module can be customised and implemented within 2-3 hours. The initial round of feedback from stakeholders may take 1-2 weeks. Reports are generated in real time. So, within 2-4 weeks, you’ll be able to ‘sense and respond’ to information security issues, and take action on innovative improvement ideas.
The ISO 27001 information security management system preserves the confidentiality, integrity and availability of information by applying a risk management process and gives confidence to interested parties that risks are adequately managed. It is important that the information security management system is part of and integrated with the organization’s processes and overall management structure and that information security is considered in the design of processes, information systems, and controls. It is expected that an information security management system implementation will be scaled in accordance with the needs of the organization. This International Standard can be used by internal and external parties to assess the organization’s ability to meet the organization’s own information security requirements.
Carrying out the Information Security (ISO 27001:2013) assessment through Performax allows you to engage key internal employees and external stakeholders (customers, partners, etc.) in a LIVE feedback and feed-forward process. Gain multi-stakeholder insights on the 22 critical success factors, derived from the ISO 27001:2013 standard, relevant to your Information Security Management program.
With Performax, organizations can engage employees, partners, suppliers, and customer focus groups in evaluating their effectiveness, strengths and weaknesses, and capturing ‘ideas for action’ for Information Security Management. Using ISO 27001:2013 helps ensure that products and services are produced in a way that follows the highest standards of information and data security, which in turn brings many business benefits.
View the organizational effectiveness ratings and trends in real time
Drill down into the details for insights into Environmental Management effectiveness.
Strengths and Weaknesses
Identify environmental management areas that are compliant vs. those that need more focus.
Action Planning and Real-time Performance Alerts
Performax is designed for collaborative action planning and real-time monitoring.