ISO 27001 is an international standard on how to manage information security. An enterprise that attains the ISO 27001 certification is considered to be able to provide safe and reliable information services. The information security system of the enterprise is recognized by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Security Center provides the feature of ISO 27001 compliance check. This feature helps your enterprise attain the ISO 27001 certification. This topic describes the check items that are supported by the feature. The topic also describes how to view the compliance check results.
Background information
Limits
All editions of Security Center support this feature. For more information about the features that each edition supports, see Features.
Supported check items
| Annex | Section |
|---|---|
| A.8 Asset management | A.8.1.1 Inventory of assets |
| A.8.1.2 Ownership of assets | |
| A.8.2.1 Classification of information | |
| A.8.2.2 Labeling of information | |
| A. 9 Access control | A.9.1.2 Access to networks and network services |
| A.9.2.1 User registration and deregistration | |
| A.9.2.2 User access provisioning | |
| A.9.2.3 Management of privileged access permissions | |
| A.9.2.4 Management of confidential authentication information of users | |
| A.9.2.5 Review of user access permissions | |
| A.9.2.6 Removal or adjustment of access permissions | |
| A.9.4.1 Limits on information access | |
| A.9.4.2 Secure logon procedures | |
| A.9.4.3 Password management system | |
| A.9.4.4 Use of privileged utilities | |
| A.10 Cryptography | A.10.1.1 Use of cryptographic mechanisms |
| A.10.1.2 Key management | |
| A.12 Operation security | A.12.1.3 Capacity management |
| A.12.2.1 Protection against malware | |
| A.12.3.1 Information backup | |
| A.12.4.1 Event logging | |
| A.12.4.2 Protection of logs | |
| A.12.4.3 Administrator and operator logs | |
| A.12.6.1 Management of technical vulnerabilities | |
| A.12.7.1 Information system audit control mechanisms | |
| A. 13 Communications security | A.13.1.1 Network control mechanisms |
| A.13.1.2 Security of network services | |
| A.13.1.3 Network isolation | |
| A. 16 Information security incident management | A.16.1.4 Assessment of and decision on information security events |
| A. 17 Information security of business continuity management | A.17.2.1 Availability of the assets that are used to process information |
View check results
- Click Authorize Immediately.
If this is the first time that you use Security Center, you can use the feature of ISO 27001 compliance check only after you authorize Security Center to access your cloud resources.After Security Center is authorized, the Authorize succeeded message appears in the upper part of the page. - On the ISO 27001 Compliance Check tab, view the check results.
You can perform the following operations:- View the total number of check items and number of failed check items
View the total number of check items supported by ISO 27001 compliance checks in Check Items and the number of non-compliant items in Non-compliant Items.
- View compliant, non-compliant, or pending items
Select YES, NO, or Pending from the drop-down list to search for compliant, non-compliant, or pending items.
- View the total number of check items and number of failed check items
- Handle non-compliant items. You can find a non-compliant item and handle it based on the suggestions provided in the Check item column.
The feature of ISO 27001 compliance check checks whether your system meets ISO 27001 requirements from the following dimensions: asset management, access control, cryptography, and operation security. We recommend that you handle non-compliant items at the earliest opportunity.
