ISO/IEC27001 - Cloud Cop

Blog

Posted on May 2, 2022

IT Security

Is ISO / IEC 27001 implemented or on the agenda of your company? In that case, it shows that you are serious about information security, and perhaps you also have a relationship with the Norwegian Security Authority (NSM) principles for IT security.

NSM’s principles for IT security are something all companies should have a conscious relationship with, as they contribute to raising awareness about IT security in a simple and clear way.

No matter where you are in the process, I would recommend those who do not know NSM’s mapping table that links NSM principles up to ISO27002, to take a look at it. This provides a very good overview that shows the connection and why: NSM principles for IT Security / ISOIEC 27002

Microsoft Azure

For those of you who use Microsoft Azure, it`s natural that this environment is also included in the total scope.

In this case, Microsoft has created a complete set of different policies linked to ISO / IEC 27001 that can be used in the platform.
The purpose of these policies is to be able to revise whether the environment complies with this standard.

But even if ready-made policies have been made, for many it can be a threshold to get started and get it implemented. In addition, you should be able to report on it, which is not as easy for everyone, especially managers who are not versed in the portal to the cloud platform.

Implementation and reporting

Through our Cloud Cop product, you can implement the necessary Azure policies quickly and easily. And not least, present simple dashboards that show ongoing status right from the control sets, control ID, associated policy and all the way down to platform components, in addition to get notification.

Then a leader in an organization will be able to have direct access to reporting status (both present and historical) without having to involve a technical apparatus every time.
In this way, a manager can report even during audits without having to involve technical equipment, and rather involve them only when specific deviations have been identified.