A test application that defines how to apply controls to determine the organisation’s compliance with the ISO/IEC 27001:2013 Standard and makes the complex rules of the ISO/IEC 27002:2013 Standard easy to understand; management of the controls in ISO/IEC 27001:2013, which form the infrastructure of the test application, and management of the rules in ISO/IEC 27002:2013 that correspond to the application of those controls; an updatable rule base according to the requirements of the ISO/IEC 27001:2013 and ISO/IEC 27002:2013 Standards; documentation of the conformities and nonconformities resulting from the test application; preparation of a substructure for automated documentation of the mandatory procedures of the ISO/IEC 27001:2013 Standard, resulting from the test application; a Maturity Model that shows the organisation’s compliance visually.
Tracing software and hardware assets on the Local Area Network and inserting them into the inventory database automatically; importing an existing asset inventory in an Excel format appropriate to the software, in case searching for information assets on the Local Area Network is not desired; manually inserting information assets that are not connected to the Local Area Network into the inventory database using the asset entry interface; assigning assets to more than one business process, or correlating business processes with more than one asset; defining asset groups to collect assets with the same qualification under a unique asset group and manage them all together; an interface in which asset category, asset group, asset location, asset owner and asset explanation can be monitored and the asset can be correlated to business processes; defining confidentiality, integrity and accessibility values of assets one by one or under an asset group as maximum, sum or multiplication (optional) values. Keeping track of asset owners on a unit basis and listing assets on a category or process basis. Detailed documentation of the asset inventory.
Automated assignment by the system of vulnerabilities and related threats to assets, according to their classification, without user intervention; defining Protective Controls against vulnerabilities and threats; five optional qualitative and quantitative risk evaluation methodologies that you can choose dynamically:
Risk analysis application with different risk evaluation methods that take into account the values Asset Value (AV), Exposure Factor (EF), Single Loss Expectancy (SLE), Annualized Rate of Occurrence (ARO) and Annualized Loss Expectancy (ALE); ease of performing risk analysis with optional risk evaluation methodologies; documentation of the Risk Evaluation Report in an Excel format appropriate to the ISO/IEC 27001 Standard; graphical presentation of the risk positions of the organisation’s information assets according to their classification in a “Risk Analysis Table”.
Improving the organisation’s ISMS over time: a list of conformities and nonconformities after Gap Analysis; defining controls from ISO/IEC 27001:2013 and best practices from ISO/IEC 27002:2013 to resolve nonconformities.
Document importing, exporting and monitoring according to user authority; versioning and keeping documents by date and publishing the current version on a web page; automatically producing the mandatory documents listed below for ISO/IEC 27001 certification and allowing only an authorized (Administrator) user to update them; publishing the prepared documents and presenting to users all documents that they are able to access on the organisation’s local portal,
A dashboard that checks the requirements in the documentation against their latest versions and presents the organisation’s compliance level. Enabling top management to review the whole ISMS.
Related to internal audits: selecting units to be audited, selecting auditors, question lists, planning and tracing audit activities.
Managing Corrective Activities in the system; assigning personnel to each activity; monitoring activities; following the deadline for each activity and closing the activity if compliance is provided; listing all open activities for the management review report.