Case study

File Access Auditing for
IS0 27001 Compliance

  • Customer

    Cleaver Fulton Rankin

  • Industry


  • Geography

    United Kingdom

FileAudit satisfies the need for an audit trail for ISO 27001 very easily. Simple reports bring it all together for me and alerts show auditors that we can control access into the most sensitive folders.

Paul Rickerby
IT Manager at Cleaver Fulton Rankin

As law can apply to virtually any area of our professional lives, those working in the corporate legal profession such as Cleaver Fulton Rankin have perhaps access to a broader array of sensitive information than any other sector. From intellectual property, to the finer points of a company merger, through to sensitive financial information.

As one of Northern Ireland’s leading corporate law firms, the importance of integrity and reputation rests on their ability to protect this sensitive information. The certification of compliance to IS027001 is a powerful indication to customers that it takes security seriously.

The Challenge Ability to interpret file server access logs for IS027001 compliance

At the core of the ISO 27001 compliance mandate is the desire to keep sensitive data secure, only allowing access to those who need it for business reasons. To both know and demonstrate that this is the case requires visibility into who has access, who is using access, and what actions are being taken upon this protected data.

Cleaver Fulton therefore needed a granular and detailed audit trail that they could present to any auditors to demonstrate proper access controls were in place to protect sensitive information against unwanted access.

Previously limited to the data found in Windows Security Event logs, Paul Rickerby, IT Manager at Cleaver Fulton Rankin, described working with native Windows logs as “getting an awfully large lump of data that took hours to dig through to find or report on anything of value.”

Paul wanted a solution that could make it easier to monitor and record all file access and also be alerted to potentially suspicious behavior.

The Solution Monitor access to and usage of sensitive data – The Easy Way

Paul was looking for an intuitive third-party solution to provide the centralized monitoring and reporting of all file activity needed.

The capabilities required included:

  1. Real-time logging of all access and access attempts to files and folders across the Windows system.
  2. All audit log data needed to be easily accessible to be reviewed, filtered, searched etc.
  3. Automatic alerts based on matching criteria to actions deemed suspicious, or any access to certain highly sensitive folders and files.
  4. Ability to generate sharable reports that showed a granular and detailed audit trail.

On testing FileAudit, the installation and configuration of the software took about 15 minutes. Paul commented, “It just works out of the box. The initial set up was very straight forward and intuitive, with lots of good videos online to help. I also took advantage of a remote support session to help on more advanced criteria – the team proved to be very knowledgeable and made it all very easy.”

The Benefits Prove that compliance-specific access controls are in place.

In many cases, compliance requirements establish the security objective, and then provide details on how to test that the objective is being met. File auditing is your testing method to ensure the security you think you have around your protected data is actually doing its job.

Having FileAudit in place has helped Cleaver Fulton reach required appendices for the ISO standards.
FileAudit is used to demonstrate only approved access has occurred. Alerting and reporting can provide both real-time and historical detail - including identifiable factors like machine name, IP address, etc. Robust filtering capabilities help quickly answer the questions posed by auditors.

FileAudit shows key insights on the access to and usage of a particular data set.

FileAudit shows key insights on the access to and usage of a particular data set.

The need to have the access to and usage of sensitive data under close watch is critical to meeting these compliance objectives.

Paul said “It satisfies the need for an access audit trail for ISO 27001 very easily. Simple reports bring it all together for me and alerts show auditors that we can control access into the most sensitive folders. I would recommend FileAudit for compliance needs and better visibility on what’s going on your file servers.”

To learn more about how file auditing helps meet compliance objectives, read the whitepaper The Role of File Auditing in Compliance.

  • 20-day free trial

    Get your 20-day free trial now and secure your Windows network with FileAudit

    Download free trial

    Learn more about FileAudit

  • Challenge

    The company needed to reach the ISO 27001 compliance and have a better visibility on sensitive files.

  • Solution

    Installed in 15 minutes, FileAudit met the company’s file access and reporting requirements to protect particularly sensitive data contained on Windows File Servers.

  • Benefits

    FileAudit helps Cleaver Fulton Rankin meet the regulatory requirements of the ISO standard and get immediate visibility on sensitive file and folders. Alerts and reports help keep an eye on file server.

Video Presentation
FileAudit video Watch the video
Some other FileAudit customers