ISO 27001 is an international standard on how to manage information security. After an enterprise attains ISO 27001 certification, the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) recognize the information security management system of the enterprise. This certification indicates that the enterprise is able to provide secure, reliable information services. Security Center provides the ISO 27001 compliance check feature, which can help your enterprise attain ISO 27001 certification. This topic describes the check items that the feature supports and how to view the results of the compliance checks.

Background information

You do not need to manually perform ISO 27001 compliance checks. When you open the ISO 27001 Compliance Check tab, Security Center automatically performs an ISO 27001 compliance check and provides the latest compliance results.

Limits

All editions of Security Center support this feature. For more information about the features that each edition supports, see Feature.

Check items

The check items are grouped by annex and section of ISO 27001:

A.8 Asset management
  • A.8.1.1 Inventory of assets
  • A.8.1.2 Ownership of assets
  • A.8.2.1 Classification of information
  • A.8.2.2 Labeling of information

A.9 Access control
  • A.9.1.2 Access to networks and network services
  • A.9.2.1 User registration and deregistration
  • A.9.2.2 User access provisioning
  • A.9.2.3 Management of privileged access permissions
  • A.9.2.4 Management of confidential authentication information of users
  • A.9.2.5 Review of user access permissions
  • A.9.2.6 Removal or adjustment of access permissions
  • A.9.4.1 Limits on information access
  • A.9.4.2 Secure logon procedures
  • A.9.4.3 Password management system
  • A.9.4.4 Use of privileged utilities

A.10 Cryptography
  • A.10.1.1 Use of cryptographic mechanisms
  • A.10.1.2 Key management

A.12 Operation security
  • A.12.1.3 Capacity management
  • A.12.2.1 Protection against malware
  • A.12.3.1 Information backup
  • A.12.4.1 Event logging
  • A.12.4.2 Protection of logs
  • A.12.4.3 Administrator and operator logs
  • A.12.6.1 Management of technical vulnerabilities
  • A.12.7.1 Information system audit control mechanisms

A.13 Communications security
  • A.13.1.1 Network control mechanisms
  • A.13.1.2 Security of network services
  • A.13.1.3 Network isolation

A.16 Information security incident management
  • A.16.1.4 Assessment of and decision on information security events

A.17 Information security of business continuity management
  • A.17.2.1 Availability of the assets that are used to process information

View the compliance check results

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, choose Application market > Compliance.
  3. On the Compliance page, click the ISO 27001 Compliance Check tab.
  4. On the ISO 27001 Compliance Check tab, view the statistics and the list of check results.
    You can perform the following operations:
    • View the total number of check items and number of failed check items

      You can view the total number of check items supported by ISO 27001 compliance checks and the number of non-compliant items in the Check Items and Non-compliant Items sections.

    • View compliant items, non-compliant items, or pending items

      You can select Compliant, Non-compliant, or Pending from the drop-down list to view compliant items, non-compliant items, or pending items.

  5. Manage non-compliant items.
    You can manage each non-compliant item by following the guidance in the Suggestions for improvement column.

    The ISO 27001 compliance check feature checks whether your system meets ISO 27001 requirements from the following aspects: asset management, access control, cryptography, and operation security. We recommend that you handle non-compliant items at the earliest opportunity.
