Simplify your ISO 27001 compliance worries

ISO 27001 (formally known as ISO/IEC 27001:2005) is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation's information risk management processes.

Policy Controls

  • Information security policies (2 controls): how policies are written and reviewed.

  • Organisation of information security (7 controls): the assignment of responsibilities for specific tasks.

  • Human resource security (6 controls): ensuring that employees understand their responsibilities prior to employment and once they’ve left or changed roles.

  • Asset management (10 controls): identifying information assets and defining appropriate protection responsibilities.

  • Access control (14 controls): ensuring that employees can only view information that’s relevant to their job role.

  • Cryptography (2 controls): the encryption and key management of sensitive information.

Security Controls

  • Physical and environmental security (15 controls): securing the organisation’s premises and equipment.

  • Operations security (14 controls): ensuring that information processing facilities are secure.

  • Communications security (7 controls): how to protect information in networks.

  • System acquisition, development and maintenance (13 controls): ensuring that information security is a central part of the organisation’s systems.

  • Supplier relationships (5 controls): the agreements to include in contracts with third parties, and how to measure whether those agreements are being kept.

  • Information security incident management (7 controls): how to report disruptions and breaches, and who is responsible for certain activities.

  • Information security aspects of business continuity management (4 controls): how to address business disruptions.

  • Compliance (8 controls): how to identify the laws and regulations that apply to your organisation.


  • Win new business and sharpen your competitive edge

  • Avoid the financial penalties and losses associated with data breaches

  • Protect and enhance your reputation

  • Comply with business, legal, contractual and regulatory requirements

  • Improve structure and focus

  • Reduce the need for frequent audits

  • Obtain an independent opinion about your security posture

FixNix FreshGRC

FreshGRC has 8 different modular products in its world's 1st SaaS GRC platform to enable organizations to simplify the ISO 27001 certification process.