ISO 27001 Compliance Dashboard
Information Security Management System
Scope: International | Standard: ISO/IEC 27001:2022 | Domain: Security
Overview
ISO 27001 specifies requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS) within the context of the organization.
Controls
ISO-C001: Information Security Policy
- Requirement: Documented information security policy approved by management
- Automated: No
- Evidence: Policy documents, approval records
ISO-C002: Risk Assessment
- Requirement: Regular information security risk assessment process
- Automated: Yes
- Evidence: Risk register, assessment reports
ISO-C003: Access Control
- Requirement: Documented access control policy and its technical enforcement
- Automated: Yes
- Evidence: Access logs, role definitions
ISO-C004: Cryptographic Controls
- Requirement: Policy on use of cryptographic controls
- Automated: Yes
- Evidence: Encryption audit, key management logs
ISO-C005: Incident Management
- Requirement: Information security incident management procedures
- Automated: No
- Evidence: Incident logs, response procedures
Compliance Gates
| Gate | Control Ref | Requirement | Status |
|---|---|---|---|
| ISO-G001 | ISO-C001 | Security policy reviewed annually | |
| ISO-G002 | ISO-C002 | Risk assessment completed within cycle | |
| ISO-G003 | ISO-C003 | Access reviews completed quarterly | |
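The gate table above reduces each gate to a question of evidence age against a cadence. As an added example, not the dashboard's own tooling, here is a small Python evaluator that applies the three gates to a list of evidence records. The cadence values, the gate-to-control mapping, the `Evidence` record and all sample records are assumptions made for illustration; the quarterly cadence for ISO-G002 is taken from the Metrics table's risk assessment frequency.

```python
"""Gate evaluation for a compliance dashboard (added example, not the page's tooling)."""
from dataclasses import dataclass
from datetime import date

# Assumed cadence per gate, in days, read off the Requirement column:
# annual policy review, one risk-assessment cycle (quarterly per the Metrics table),
# quarterly access reviews.
GATE_CADENCE_DAYS = {
    "ISO-G001": 365,
    "ISO-G002": 90,
    "ISO-G003": 90,
}

# Gate -> control whose evidence satisfies it (from the Control Ref column).
GATE_CONTROL = {"ISO-G001": "ISO-C001", "ISO-G002": "ISO-C002", "ISO-G003": "ISO-C003"}

# Evaluation date used by the sample run (assumed).
TODAY = date(2025, 1, 15)


@dataclass(frozen=True)
class Evidence:
    """One completed evidence item, e.g. a policy approval record or an access review."""
    control: str
    kind: str
    completed: date


def gate_status(gate, evidence, today, grace_days=0):
    """Return 'PASS', 'OVERDUE' or 'MISSING' for one gate.

    PASS:    the newest evidence for the gate's control is within the cadence window.
    OVERDUE: evidence exists but is older than cadence plus any grace period.
    MISSING: no usable evidence for the control; a gate never passes by default.
    Evidence dated after `today` is ignored: a scheduled review is not a completed one.
    """
    control = GATE_CONTROL[gate]
    dates = [e.completed for e in evidence if e.control == control and e.completed <= today]
    if not dates:
        return "MISSING"
    age_days = (today - max(dates)).days
    return "PASS" if age_days <= GATE_CADENCE_DAYS[gate] + grace_days else "OVERDUE"


def evaluate_gates(evidence, today, grace_days=0):
    """Status for every gate in the table."""
    return {g: gate_status(g, evidence, today, grace_days) for g in GATE_CADENCE_DAYS}


def implementation_rate(statuses):
    """Share of gates passing, the way a 'control implementation rate' tile would count it."""
    passing = sum(1 for s in statuses.values() if s == "PASS")
    return passing / len(statuses)


# Constructed sample records, not real evidence.
SAMPLE_EVIDENCE = [
    Evidence("ISO-C001", "policy_approval", date(2024, 3, 1)),    # 320 days old: PASS
    Evidence("ISO-C002", "risk_assessment", date(2024, 7, 10)),
    Evidence("ISO-C002", "risk_assessment", date(2024, 10, 15)),  # newest, 92 days old: OVERDUE
    Evidence("ISO-C003", "access_review", date(2025, 2, 1)),      # dated after TODAY: ignored
]


def evaluate_sample(grace_days=0):
    """Run the sample evidence against the gates as of TODAY."""
    return evaluate_gates(SAMPLE_EVIDENCE, TODAY, grace_days)


if __name__ == "__main__":
    result = evaluate_sample()
    for gate, status in result.items():
        print(f"{gate}: {status}")
    print(f"control implementation rate: {implementation_rate(result):.0%}")
```

Two points a dashboard should get right are visible in the sample run: a control with no completed evidence reports MISSING rather than a blank cell, and a review dated in the future does not count. The `grace_days` parameter exists because audits do slip, but it should be a documented decision per gate, not a silent default.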
Metrics
| Metric | Target | Source | Trend |
|---|---|---|---|
| Control implementation rate | 95% | isms_tracker | Improving |
| Risk assessment frequency | Quarterly | risk_register | Stable |
| Incident response time | < 4 hours | incident_system | Improving |
Recommended Actions
- Complete annual management review of ISMS
- Update Statement of Applicability for new controls
- Conduct internal audit program
Cross-Regulation Overlaps
- SOC 2 — Security trust service criteria
- PCI DSS — Network and data security controls
- FedRAMP — Federal security controls
- NIS2 — Security of network and information systems (EU directive)