SGS 27k: Cost Effective Security Management
Aligning with ISO27001 - through compliance or certification - is the recognised way for organisations to achieve and maintain cost effective information security.
Whether you are the Head of Security, a Security Manager or an Auditor, the Security Governance System (SGS) makes it faster and easier to align your organisation with ISO27001. Co-designed with BT, SGS 27K is the only online system on the market to help you manage the entire ISO27001 process. As well as improving the quality of your ISO27001 projects, SGS 27K will save you up to 50% of the effort involved with the management of compliance or certification.
Full Integration of the ISO 27K Workflow Process
SGS 27K manages the whole process of ISO27001 including establishing, implementing, operating, monitoring, reviewing, maintaining and improving your ISMS, allowing you to manage the 'Plan', 'Do', 'Check' and 'Act' approach to security management.
- Visual representation of the full ISO 27k process
- Step-by-step planning and monitoring of the certification life-cycle
- Timeline projections of future and past certification events
Manage All Data Registers
Managing your data is an integral part of ISO27001. A feature of SGS 27K is the ability to store, maintain and integrate data registers across your certification project.
- Asset register
- Asset Risk register
- Certification Risk register
- Action register
- Incident register
Easily Perform Asset Risk Assessments
Risk Assessments should be robust, auditable and repeatable. Therefore SGS 27K enables you to perform your risk assessments easily and efficiently.
- Advanced Asset Impact definition
- Rapid and user-friendly Risk Assessment
- Backed up by a Threat library
- Customizable UI that adapts to the user's Risk Appetite
- At-a-glance visualisation of Risks on any asset
Automatic and Manual Control Selection
SGS 27K achieves speed, cost and quality improvements by automating control recommendations when risk assessments have been performed on your assets. Replacing large amounts of manual paperwork with SGS 27K gives all the stakeholders in the process more time to concentrate on their core competencies and vastly increases the probability of an organisation's next audit being passed first time.
- ISO27002 recommended Control Library
- Baseline Controls definition for compliance to mandatory policies
- Risk based automatic Control Selection
- User defined manual Control Selection
- Summary view of Control inclusion/exclusion for the certification
Generate Mandatory ISO Documentation
Once you perform key tasks, SGS 27K outputs compulsory reports and documents essential for certification.
- Risk Treatment Plan
- Statement Of Applicability
Manage Your ISMF
SGS 27K will assist you in establishing your Information Security Management Forum (ISMF) in order to initiate and control the implementation of information security.
- Rapid and user-friendly planning of ISMF meetings
- Automatic emailing of meeting invitations and minutes
- Live capture of meeting actions, decisions and discussions
- Outstanding actions automatically carried forward to future meetings
- Quick access to information of previous meetings
Store All Certification Documents in a Central Location
ISO certification involves many files, documents and policies. SGS 27K allows you to easily manage all these documents in a secure and managed environment.
- Central location for all certification-related documentation
- Rapid and user-friendly file upload
- System-wide template repository managed by the system administrator
Schedule and Record Findings for Internal Audits
Once you have established and implemented your ISMS, internal and external auditors will need to check whether your plan has been implemented effectively. SGS 27K has been designed with auditors in mind so that your audit is as smooth and transparent as possible.



