Compliance framework

ISO 27001

In the ISO 27001 standard, organizations are given specifications to implement an information security management system (ISMS). Annex A of the standard lists the requirements to help treat risk of any kind. These requirements (called controls) can be categorized into organizational, people, physical, and technological. Nanitor helps you address the technical requirements by identifying the risks and providing guidance on how you can remediate the risks identified. The additional features included in Nanitor allow you to systematically address these issues by automating the identification process and providing risk information that can inform your decision-making when you're managing the risk to your environment.

Key points

  • 01

    Identify the requirements applicable to your organization

    Whether you're implementing the requirements of ISO 27001 for the first time or your organization is already certified, Nanitor allows you to view all the requirements and automatically assess whether your devices are compliant. If you identify requirements that are not applicable to your environment, you can create exemptions to help you stay focused on the requirements that truly matter.

  • 02

    Detailed information on which requirement you're not meeting, so remediation is easier

    Nanitor lists the specific control affected so that you can reference the ISO 27002 document and find further information on how the control works, what its objective is, and how you can implement it. If the noncompliance is due to a patch, vulnerability, or misconfiguration issue, Nanitor provides detailed information on where the issue was identified.

  • 03

    Stay up to date on the compliance status of your IT environment

    IT environments are constantly changing, and your compliance status can be affected by these changes. Nanitor's agents continuously assess your devices' compliance status, and with the Network Discovery feature you can detect devices on your network that do not have an agent.

  • 04

    Systematically remediate the issues that pose the highest risk

    Nanitor's Diamond feature utilizes the NPS to categorize issues based on the criticality of the issue and the asset affected. With the built-in projects feature, you can group issues together, assign projects, and define deadlines for these efforts. Remediated issues are automatically updated in Nanitor. 


Upcoming changes for ISO 27001

With the latest release of ISO 27002, the number of controls is being reduced from 114 security controls to 93 controls. Recent technological advancements and improved security practices influenced the change in the number of controls. The security controls underwent a number of changes, and Nanitor facilitates the transition to the latest version by allowing you to view the different versions as you start the implementation process.