Automate Your ISO 27001 with Runecast Analyzer

About ISO 27001 Compliance

ISO/IEC 27001 is an international standard that defines how to manage information security. It is a part of the wider ISO 27000 family of standards, which define an Information Security Management System (ISMS). According to it is one of the most popular security standards in the world.

There are 114 controls in 14 groups and 35 control categories; the 2005 standard had 133 controls in 11 groups.

  • A.5: Information security policies (2 controls)
  • A.6: Organization of information security (7 controls)
  • A.7: Human resource security (6 controls that are applied before, during, or after employment)
  • A.8: Asset management (10 controls)
  • A.9: Access control (14 controls)
  • A.10: Cryptography (2 controls)
  • A.11: Physical and environmental security (15 controls)
  • A.12: Operations security (14 controls)
  • A.13: Communications security (7 controls)
  • A.14: System acquisition, development, and maintenance (13 controls)
  • A.15: Supplier relationships (5 controls)
  • A.16: Information security incident management (7 controls)
  • A.17: Information security aspects of business continuity management (4 controls)
  • A.18: Compliance with internal requirements, such as policies, and with external requirements, such as laws (8 controls)

The process of checking for compliance within your AWS and VMware environments can be arduous and costly, and manual checks of any kind are subject to human error, so it is important to automate as much as possible.

Read how Runecast Analyzer helps you to be audit-ready

Runecast Analyzer automates the process of checking both VMware vSphere and native AWS public cloud resources for compliance against ISO 27001, with over 260 cross-referenced checks in total. Each finding maps to a specific ISO 27001 control or set of controls. As with all other standards covered within Runecast Analyzer, we show not only the details of all impacted objects, but also the wording from the standard, a technical translation of it, and details of how to manually audit the finding and remediate any non-compliance.

With Runecast Analyzer, you get year-round, 24/7 visibility into your audit compliance posture. It gives you immediate visibility into the risks and non-compliances inherent in your environment, so you can identify gaps between where you are and a fully compliant state, and it shows you as soon as any objects move out of compliance.

The solution runs entirely on-premises, with no data leaving your control. All analysis takes place on the Runecast Analyzer appliance. Move to a more proactive way of handling your compliance requirements!
