Automate Your ISO 27001 with Runecast Analyzer
About ISO 27001 Compliance
ISO/IEC 27001 is an international standard that defines how to manage information security. It is a part of the wider ISO 27000 family of standards, which define an Information Security Management System (ISMS). According to it is one of the most popular security standards in the world.
There are 114 controls in 14 groups and 35 control categories; the 2005 standard had 133 controls in 11 groups.
- A.5: Information security policies (2 controls)
- A.6: Organization of information security (7 controls)
- A.7: Human resource security - 6 controls that are applied before, during, or after employment
- A.8: Asset management (10 controls)
- A.9: Access control (14 controls)
- A.10: Cryptography (2 controls)
- A.11: Physical and environmental security (15 controls)
- A.12: Operations security (14 controls)
- A.13: Communications security (7 controls)
- A.14: System acquisition, development, and maintenance (13 controls)
- A.15: Supplier relationships (5 controls)
- A.16: Information security incident management (7 controls)
- A.17: Information security aspects of business continuity management (4 controls)
- A.18: Compliance; with internal requirements, such as policies, and with external requirements, such as laws (8 controls)
The process of checking for compliance within your AWS and VMware environments can be arduous and costly, and any kind of manual checks are subject to human error, so it is important to automate as much as possible.
Runecast is a patented enterprise IT platform that provides IT ops and security teams one platform for configuration monitoring, vulnerability management, security compliance, remediation, upgrade planning and reporting.
- Disruptive, patented solution that automates proactive analysis of logs, configuration drift, and security posture within your environment.
- Simple, lightweight platform that is super-easy to deploy and operates securely on-premises (no data needs to leave your control) to provide you with remediation steps before any issues can lead to a PSOD or downtime.
- Operational transparency and best practices alignment
- Real-time configuration management, vulnerability scanning and security compliance audits
- Freed up team resources (to work proactively on growth drivers)
How Runecast helps you to be audit-ready
Runecast Analyzer automates the process of checking both VMware vSphere and native AWS public cloud resources for compliance against ISO 27001 – in total, over 260 cross-referenced checks. Each finding maps to a specific ISO 27001 control or set of controls, and as with all other standards covered within Runecast Analyzer, we show the details not only of all of the impacted objects, but also both the wording from the standard and a technical translation, as well as details of how to manually audit the finding and remediate any non-compliances.
With Runecast Analyzer, you get year-round, 24/7 visibility into your audit compliance posture. It allows you to get immediate visibility into risks and non-compliances inherent in your environment, allowing you to identify gaps between where you are and a fully compliant state, and also show as soon as any objects move out of compliance.
The solution runs entirely on-premises, with no data leaving your control. All analysis takes place on the Runecast Analyzer appliance. Move to a more proactive way of handling your compliance requirements!