ISO 27001 compliance self-assessment

ISO 27001 - Information Security Management

ISO/IEC 27001 is the most popular international standard specifying the rules for information security management. It defines requirements related to establishing, implementing, monitoring and improving an Information Security Management System (ISMS).

Friendly introduction to the standard requirements

In NOR-STA you will find the requirements of the standard presented in a systematic way. The conformance goals are decomposed into detailed requirements, and for each requirement assessment criteria are specified.

You can browse the requirements of the standard section by section. At any moment you can jump to any other section of the standard using the expandable left sidebar.

The description of the standard can be adapted to the specific needs of your organization. Additional guidance or templates can be provided.

Conformance assessment

The ISO 27001 assessment in NOR-STA covers:
– 114 security controls,
– general requirements for four main areas of the ISMS: foundations of NOR-STA, risk management, system controls and system improvement.

You can assess conformance with the standard in a systematic way. A scale from 0 to 5 is used to express the level of process performance:

0 – activities not performed, results not achieved
1 – activities performed by competent persons
3 – activities performed according to procedures and results are documented
5 – activities monitored and supervised in a systematic way, improved as part of the organization quality management system

The evaluation results can be presented in a web report (html), an Excel spreadsheet or a PDF document. The report formatting can be customized with templates.

ISO 27001 self-assessment report

You can perform the review at your own pace. At the top of the screen you can see the conformance level achieved so far.

The basic approach is to use NOR-STA simply as a checklist; this can be extended with evidence documents. You can attach documents or other information to demonstrate that the requirements are satisfied. The evidence review and assessment can also be performed by a third-party expert.


Goal-based approach

The goal-based approach to conformance management makes it possible to build a tailored conformance model, define a set of well-focused requirements and conduct the assessment online. The set of requirements can be adapted to the specifics of the organization and its processes. For more information, refer to the description of the goal-based approach.

DEMO

The free online DEMO gives you a basic overview of how conformance can be assessed.

In the free DEMO project you can:
– review conformance requirements,
– view sample evidence documents,
– perform an assessment,
– generate sample reports.

Editing and evidence management functions are not available in the DEMO project.

TRIAL

A TRIAL project can be started for you for 30 days on request. In the TRIAL project you can:
– use the default compliance template or modify it,
– manage evidence in the NOR-STA internal repository,
– perform an assessment,
– generate reports and use your own report templates.

Integration with other systems (such as SharePoint) and features such as template management and modular projects are not available in the TRIAL project.


Self-assessment

A 3-month subscription to perform an ISO 27001 self-assessment. You can collect data on conformance, make reviews, evaluate conformance and report the results.

Price: €69


Standard conformance project

A 12-month subscription for 5 users of an ISO 27001 project in NOR-STA. Using the service, the users can collect evidence, extend the conformance template with additional requirements, make reviews and report the results.

Price: €600