
How IS Decisions can help your business address network and information access for ISO 27001 compliance

ISO 27001 is arguably the global ‘gold standard’ for information security. The first in the family of standards from the International Organization for Standards, its relevance spans industries, and certification of compliance is a powerful indication to customers that you take security seriously.

Taking a top-down, risk-based approach, ISO 27001 (and ISO 27002, which details more specifics on security controls) is designed to be technology neutral. However, it does define the required elements of a strong approach to security in granular detail, from organization of information through to management of human resources.

Management and organization of information, restriction and access control, monitoring and lines of responsibility are all elements of ISO 27001/2, and IS Decisions’ software UserLock and FileAudit can allow you to address a lot of the requirements.

Become ISO 27001 compliant with IS Decisions solutions


Here is a helpful checklist of ways in which UserLock and FileAudit protect the network - and sensitive information within - against unwanted access, to help you on your way to becoming ISO 27001 compliant.

Section A9: Access Control

« Users should only be provided with access to the network and network services that they have been specifically authorized to use. Access should be controlled by a secure log-on procedure and restricted in accordance with the access control policy. »


Do you give all users unique login credentials?

Ensures that nobody can log on to the system without uniquely identifiable credentials.


Do you enforce the secure use of passwords and verify a person is the one claimed?

Strengthens unique network login credentials with context-aware access restrictions and user reminders, which help verify that a person seeking access to the network and the information within is genuinely who they say they are.


Do you restrict users from sharing logins?

Prevents concurrent logins with the same set of user credentials — helping to eradicate dangerous password sharing practices.


Do you restrict network access on a job-role basis?

Enables the administrator to set granular access rights for different types of employees to ensure that they can only access the information they need to do their job.


Do you review network access for employees who change roles in the organization?

Enables administrators to easily change access rights (permanently or temporarily) for individual users, groups of users, or organisational units.


Do workstations automatically log users off the network following a period of inactivity?

Automatically logs off a session after a specific length of idle time to prevent unauthorised users accessing patient information from unattended workstations. What’s more, UserLock can set authorised timeframes for certain users’ access and force workstations to log off outside these hours.


Section A12: Operations Security

« Event logs recording user activities, exceptions, faults and information security events should be produced, kept and regularly reviewed. »


Can you attribute session duration and actions on the network to individual users?

Helps administrators verify all users’ identity at any time, making users accountable for any activity — malicious or otherwise.


Do you monitor access to the network?

Monitors all logon and logoff activity in real time to ensure that the only people who can access vital data are the people who need to. UserLock alerts administrators to any suspicious, disruptive or unusual logins based on time, location and device.


Do you monitor specific actions on files or folders, like copying, moving and deleting?

Monitors all files and folders in real time on your network and records all actions that users take when making modifications. It verifies that users have not altered or destroyed patient information in an unauthorised manner.


Do you conduct regular security audits or reports?

Records, audits and archives all network logon events, across all session types, from a central system.

Audits all access and changes to files and folders, and immediately alerts administrators to suspicious behaviour.


Find out more for yourself with our FREE 30-Day Fully Functional Trials