Click to Evaluate the Strength of Your Information Security Program Today!

Protecting your organization's information is a major key to success in the 21st century. ISMS Solutions has developed a series of questions to evaluate the strength of your organization's Information Security Program. Complete the questionnaire to learn more about how ISMS Solutions can help strengthen your organization's Information Security Program. Click below to get started.

Question 1:

Has your organization defined the boundaries of your Information Security Management System to include business units, service lines, customer inquiries, personnel responsibilities and protected information sets?


In order to obtain ISO 27001 Certification, the context of your organization must be clearly stated and the scope of the Information Security Management System must be defined.

ISMS Solutions and its proprietary Conformance Works platform, with software features such as a Document Management System, help organizations define, manage and update the context of their organization while identifying compliance gaps along the way, so that they can become compliant and stay compliant.

Question 2:

Has Top Management committed to implementing an information security management program in your organization?


In order to obtain ISO 27001 Certification, organizational leadership must demonstrate leadership and commitment to the Information Security Management System. They must also mandate Policies and assign information security roles, responsibilities and authorities.

ISMS Solutions and its proprietary software Conformance Works, with software features such as its Responsibility Assignment Module, helps those in leadership positions assign responsibilities across the organization through an easy-to-use interface. Conformance Works' employee directory houses all of these responsibilities in an accessible manner, so that if changes are necessary they can be made quickly while still maintaining accurate documentation.

Question 3:

In the last 12 months, has your organization conducted a comprehensive risk analysis to assess the risks associated with your sensitive information, and has top management reviewed the results?


In order to obtain and maintain ISO 27001 Certification, your organization must conduct a yearly comprehensive risk analysis to assess the risks associated with sensitive information.

ISMS Solutions and its proprietary software Conformance Works, with software features such as its Risk Analysis Module, identifies potential risks based on the compliance levels across your organization. With easy-to-understand visuals and automatic reports, Conformance Works makes it easy to understand where the risks are and how to address them.

Question 4:

Does your organization have the resources (people, financial, top management commitment) in place to create and maintain an Information Security Management System?


In order to obtain ISO 27001 Certification, your organization must have adequate support and resources (people, financial, top management commitment) in place to create and maintain an Information Security Management System.

Question 5:

In the last 12 months, has your organization conducted a comprehensive internal audit to examine the effectiveness of your security controls, and has top management reviewed the results?


In order to obtain and maintain ISO 27001 Certification, your organization must perform a yearly internal audit to assess the state of your Information Security Management System.

ISMS Solutions and its proprietary software Conformance Works, with software features such as its Internal Audit Module, analyzes the current state of your organization against the requirements of ISO 27001. Once documentation and all other artifacts are uploaded into Conformance Works, the Internal Audit Module takes over and quickly analyzes them and identifies any discrepancies. Automated reporting makes the results easily digestible and offers solutions for any potential risk.

Question 6:

Does your organization have a Process in place for handling and mitigating issues with your information security program?


In order to obtain and maintain ISO 27001 Certification, your organization must have a Process in place that addresses the findings of audits and reviews and makes continual refinements to the Information Security Management System.

ISMS Solutions and its proprietary software Conformance Works, with software features such as its Reporting Module, allows organizations to easily review all internal audits, risk assessments and any other custom assessments. These are housed within Conformance Works and can be accessed at any time for review.

ISO Standards are updated every few (2-3) years, and with that comes the necessity to update your organization's Information Security Management System. Conformance Works sends out notifications when such an update will occur and has a built-in transition tool that makes the Process painless.

Question 7:

Does your organization have a set of information security Policies covering acceptable use, access control, supplier management, incident management, mobile devices, passwords and backup?


In order to obtain and maintain ISO 27001 Certification, your organization must have a set of information security Policies covering acceptable use, access control, supplier management, incident management, mobile devices, and password and backup control.

ISMS Solutions and its proprietary software Conformance Works, with software features such as its Document Management System and Control Access Module, can store all of this information in one location. With industry-standard Policy documents, it's easier than ever to quickly establish access control, supplier management and incident management Policies, mobile device tracking, and password and backup documentation.

Question 8:

Does your organization review said Policies?


Your organization must review these Policies in order to maintain ISO 27001 Certification.

Conformance Works has the ability to send automatic reporting of these Policies to Top Management for review. They can be sent at monthly, quarterly, or yearly intervals.

Question 9:

Have roles and responsibilities been defined for your information security program?


In order to obtain and maintain ISO 27001 Certification, roles and responsibilities must be defined for your organization's information security program.

ISMS Solutions and its proprietary software Conformance Works, with software features such as its Responsibility Assignment Module, helps those in leadership positions assign responsibilities for the information security program through an easy-to-use interface. Conformance Works' employee directory houses all of these responsibilities in an accessible manner, so that if changes are necessary they can be made quickly while still maintaining accurate documentation.

Question 10:

Do you have a Process in place for on-boarding, managing and off-boarding employees and third parties?


In order to obtain and maintain ISO Certification, your organization must have a Process in place for on-boarding, managing and off-boarding employees and third parties.

ISMS Solutions and its proprietary software Conformance Works, with software features such as its Employee Directory Module, can add new employees and third parties to the Information Security Management System, and can remove employees and third parties both from the Information Security Management System and from the organization itself. As each employee is on-boarded or off-boarded, Conformance Works asks a series of questions regarding responsibilities across the Information Security Management System so that no gaps exist in the transition.

Question 11:

Does your organization have a Policy of encrypting transfers of critical data?


In order to obtain and maintain ISO 27001 Certification, your organization must have a Policy of encrypting transfers of critical data.

ISMS Solutions and its proprietary software Conformance Works, with software features such as its Industry Standard Documentation Module, grants access to standard Policies regarding encryption of critical data. Once these Policies are reviewed by Top Management, they can be implemented throughout the organization.

Question 12:

Does your organization lease or own its business facilities?


In order to obtain ISO 27001 Certification, your organization must define whether it leases or owns its business facilities.

ISMS Solutions and its proprietary software Conformance Works, with software features such as its Property Management Module, can document and assign responsibilities for all pieces of property. Property may include business facilities, physical property (laptops, mobile devices, etc.) and intellectual property.

Question 13:

Do you have a formally defined Change Management Process?


In order to obtain and maintain ISO 27001 Certification, your organization must have a formally defined Change Management Process.

ISMS Solutions and its proprietary software Conformance Works, with software features such as its Industry Standard Documentation Module, grants access to standard Policies regarding the Change Management Process. Once these Policies are reviewed by Top Management, they can be implemented throughout the organization.

Question 14:

In the last 12 months, have you performed a vulnerability scan on your organization's network(s) and computing systems?


In order to obtain and maintain ISO 27001 Certification, your organization must have performed a vulnerability scan on its network(s) and computing systems.

Question 15:

Does your organization have confidentiality and non-disclosure agreements in place to protect its proprietary information?


In order to obtain and maintain ISO 27001 Certification, your organization must have confidentiality and non-disclosure agreements in place to protect its proprietary information.

ISMS Solutions and its proprietary software Conformance Works, with software features such as its Industry Standard Documentation Module, grants access to standard Policies regarding Confidentiality and Non-Disclosure Agreements. Once these Policies are reviewed by Top Management, they can be implemented throughout the organization.

Once implemented by Top Management, employee Confidentiality and Non-Disclosure Agreements can be housed in either Conformance Works' Document Management System or its Employee Directory.

Question 16:

Does your organization develop or create software applications, onsite or offsite?


In order to obtain and maintain ISO 27001 Certification, your organization must define whether or not it develops or creates software applications, onsite or offsite.

In the Process of ISO 27001 Implementation, ISMS Solutions and its Conformance Works software address this by tracking whether or not software is developed or created, and by documenting whether this development happens onsite or offsite. This information is stored inside Conformance Works and can be accessed if and when changes occur.

Question 17:

Does your organization periodically review its vendors and require them to meet information security standards?


In order to obtain and maintain ISO 27001 Certification, your organization must periodically review its vendors to ensure that they meet information security standards.

ISMS Solutions and its proprietary software Conformance Works, with software features such as its state-of-the-art Vendor Verified module, allows organizations to assess their vendors through a series of information security questions (similar to the ones you have answered to complete this survey). Vendor responses are graded against the ISO 27001 industry standard, and when gaps or potential risks are identified a notification is sent to the vendor so that they can address the issue.

Being secure should be every organization's goal. However, in this day and age your partners must also be secure in order to avoid potential disaster.

Question 18:

Do you have a Process in place for identifying, managing, and mitigating vulnerabilities within your Information Security Management System?


In order to obtain and maintain ISO 27001 Certification, your organization must have a Process in place for identifying, managing, and mitigating vulnerabilities within your Information Security Management System.

ISMS Solutions and its proprietary software Conformance Works, with software features such as its Internal Audit and Risk Assessment Modules, help identify, manage and mitigate vulnerabilities throughout an organization's Information Security Management System. By constantly scanning the Information Security Management System, Conformance Works can keep your organization compliant as you update Policies, on-board and off-board employees and third parties, manage vendors, and perform the countless other tasks associated with maintaining an up-to-date Information Security Management System.

Question 19:

Does your organization have a Process in place in case of a crisis or disaster so that the organization can continue to function?


In order to obtain and maintain ISO 27001 Certification, your organization must have a Process in place in case of a crisis or disaster so that the organization can continue to function.

ISMS Solutions and its proprietary software Conformance Works, with software features such as its Industry Standard Documentation Module, grants access to standard Policies regarding crisis and disaster planning. Once these Policies are reviewed by Top Management, they can be implemented throughout the organization.

Question 20:

Has your organization clearly identified regulatory, statutory, and contractual information security and privacy requirements?


In order to obtain and maintain ISO 27001 Certification, your organization must have clearly identified regulatory, statutory, and contractual security and privacy requirements.

Complete!

Contact an ISMS Solutions professional to learn more about how your organization can strengthen its security program.

Email us at [email protected]

Welcome to ISMS Solutions

ISMS Solutions is the only management consulting firm that employs a holistic and proprietary SaaS platform, Conformance Works, to quickly, cost-efficiently and successfully assist its clients with achieving their standard certification goals. The ISMS Solutions team of compliance experts collaborates with clients to customize, implement and automate standards and processes that meet or exceed the international certification standards set by the various standards organizations. ISMS Solutions has a 100% track record of its clients receiving certification.
