2010
Information security compliance

Ben Oguntala
www.riesgoriskmanagement.com
2/23/2010
ISO27001 compliance tool

Introduction

The www.riesgoriskmanagement.com ISO27001 compliance tool has been developed to assist Information Security Managers or Consultants in keeping track of their organisation's level of compliance to the ISO27001 standard, or to offer a managed service to clients.

Although the tool can be used for ISO27001 certification, its purpose is to assist organisations to maintain compliance to the standard (i.e. working to the spirit of the standard).

The unique selling point of the Riesgo Risk Management ISO27001 compliance tool is that it was designed by Information Security Managers with years of experience in dealing with the problems Information Security Managers face on a day-to-day basis with compliance to the standard.

The designers have addressed these problems in the modules, enabling the Information Security team to gain control of the challenges they face and aid their resolution.

Regulation compliance

Although the tool is designed to address compliance with ISO27001, the principles are compatible with the following regulatory or industry compliance standards:

    -    SOX compliance
    -    Data Protection Act
    -    Freedom of Information Act
    -    PCI DSS

The principles covered also include UK government GSI accreditation. This is of particular importance to public sector organisations that have to submit an annual GSI accreditation for using the GSI network. GSI accreditation is fairly similar to the ISO27001 standard and the principles overlap.

The key features of the tool:

The key accounts
    -   IS Policy manager
    -   IS Manager
    -   Data Protection Officer
    -   Freedom of Information Officer
    -   Internal/External Auditors
    -   Business unit Security representatives

The organisational chart

Each Business unit Security representative will have access to the tool, allowing them to participate in all the Information Security related activities.

Managing users

A simple interface to manage user accounts; it provides an easy means of registering and deregistering.

Each user from the Business units can be authenticated with their email address, and once the account is no longer required it can be easily de-registered by the administrator.

www.riesgoriskmanagement.com | info@riesgoriskmanagement.com
ISO 27001 compliance tool
Riesgo Risk Management is a service of Mateo Isabella, a UK registered limited company.
Key principles

Information security policy with Information Asset register, Incident register linked to policy and Information Asset register, and a Risk register to manage all associated risks for your organisation.

IS policy manager

Maps National (Group or HQ) policies to Local policies to Departmental policies. It also assigns a responsibility to the associated procedures. All policies and procedures have dates associated with each and an automatic review date (3/6/9/12 month review dates).

ISMS forum

This represents your organisation's management structure in support of Information Security principles. The tool is designed to capture the information security issues that need management approval in order to be resolved, or growing trends from the Incident, Risk or Audit registers.

Information Asset register

A register of Information Assets listed according to each business unit. Each Asset is given an automatic Asset ID, Risk index and classification. It also includes Asset owner, format and any risk register entries or Audit non-compliances.

The Information Security Manager will be able to see all Information Assets for all business units, whilst each business unit is limited to its own Information Assets.
Incident register

Each Business unit will be able to register Information Security incidents that occur within their Business unit. The Information Security Manager is automatically notified and the incident is stored on the register until it is resolved.

Risk Register

The risk register allows your organisation to maintain risks found in the organisation with the aim of resolving them.

Assets that pose risks will have their owners associated with the risk register entry to aid resolution of the risk.

As risks are resolved, they are moved to the archive.

Data Protection Officer – subject access requests

For Information Security departments that are also responsible for Data Protection compliance, or for organisations that have a dedicated Data Protection Officer, the tool has a Subject Access Request dashboard. It stores all Subject Access Requests and tracks each request until a response is made.

Freedom of Information request – FOI request

Contact details

Ben Oguntala

Ben.oguntala@riesgoriskmanagement.com

Tel - +44 7812039867

For Security consultants interested in providing an ISO27001 compliance managed service for their clients, we can arrange a multiple-client solution. Please call or email Ben Oguntala for more information.