One of the primary purposes of senior management is to protect the company’s information assets against risk. This task is vital in order to maintain shareholder value, customer confidence and reputation.
ISO 27001/27002 are the related standard and code of practice for Information Security. The standard is designed to ensure the selection of adequate and proportionate security controls. It adopts a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security management system.
Optial provides a number of facilities to support an organisation’s ability to follow the Information Security standard.
Control environment
- Local and global control libraries
- Automated control monitoring
- Checklist facilities with resultant scoring and flagging
- Breaches, actions and overdue alerts
- Policy, procedures and regulation distribution and review.
Risk Assessment
Audit
- Set up and conduct internal audits
- Record and manage audit findings
- Monitor agreed actions and track overdue findings.
Incident Handling
- IT Security incidents captured and tracked to closure
- Record financial cost, risk assessment and categorisations (e.g. causal factors)
- Drive remedial actions and controls.
Reporting
- Risk maps, radars and dashboards
- Lists, flags and overdue reports
- Slice/dice analytics.
Each aspect of the Control Environment, Risk Assessment, Audit and Incidents has its own configurable process-based workflow to obtain approval and provide accountability. The whole system is subject to Optial’s tamper-proof audit trail and, importantly, all data can be linked to provide a transparent and comprehensive view of the organisation at all times.
The combined data can be analysed and reported on using Optial’s OBI reporting tool, providing management with an up-to-date status and awareness of issues concerning the organisation’s IT and Information Security system.