ISO 27001

ISO 27001 focuses on establishing, implementing, maintaining, and improving an information security management system (ISMS). It is the best-known compliance standard within the ISO/IEC 27000 family of standards, which covers the overall safety of information assets. By maintaining compliance with ISO 27001 controls, an organization of any size in any business sector can help protect digital information such as intellectual property, financial information, employee details, and more.

ISO 27001 Compliance

ISO 27001 is divided into two different sets of clauses that promote information asset security:

Clauses 1-10 broadly focus on creation and implementation of an information security management system.
Annex A contains 114 controls specifically concerning application of a risk management process.

To be ISO 27001 compliant, an organization should address clauses 1-10 in addition to applicable Annex A controls. These controls are determined through Clause 6.1.2, which requires an organization to perform a risk assessment, and Clause 6.1.3, which mandates applying the necessary Annex A controls to treat the identified risks.

For example, Annex control A.17.1.2 concerns "Implementing information security continuity," which organizations using AWS RDS can address by requiring RDS instances to have multiple subnets. Organizations using Google Cloud can ensure SQL database instance automated backups are enabled.

While it's important to review all ISO 27001 clauses and controls for overall compliance, the following Annex A controls are the most relevant for organizations in the cloud.

A.6 Organization of information security

A.8 Asset management

A.9 Access control

A.10 Crytography

A12 Operations security

A.13 Communications security

A.14 System acquisition, development, and maintenance

A.17 Information security aspects of business continuity management

GET DEMO

Detect Compliance Violations

Fugue continuously evaluates your cloud environments for ISO 27001 compliance violations with predefined rules mapped to ISO 27001 compliance controls. If a resource is determined as non-compliant, an alert will be sent to notify the compliance team. The compliance team can then determine whether to correct the non-compliant resource and set an established baseline for future enforcement.

VIEW DEMO

Detect Compliance Violations

Enforce Baselines with Codeless Auto-Remediation

Fugue utilizes baselines to auto-remediate and correct compliance violations via self-healing. A baseline is a known-good configuration state for resources agreed upon by stakeholders. With baseline enforcement, misconfiguration is automatically corrected back to the ISO 27001-compliant baseline without writing automation scripts.

GET DEMO

Enforce Baselines with Codeless Auto-Remediation

Report on Compliance Posture

Fugue makes it easy to report on your ISO 27001 compliance posture. Detailed reports, dashboards, and visualizations are available to easily track and monitor your cloud resources. Daily or weekly reports highlighting compliant and non-compliant resources can be emailed to executives or auditors to show proof of compliance.

VIEW DEMO

Compliance Overview

ISO 27001 Compliance for Cloud Infrastructure

Detect Compliance Violations

Enforce Baselines with Codeless Auto-Remediation

Report on Compliance Posture

Learn More

Get Started with Fugue Today

Trending Topics

Cloud Security Posture Management

Infrastructure as Code and Security

AWS Cloud Security

Azure Cloud Security

Cloud Security for Google Cloud Platform

DevSecOps for Cloud Infrastructure Security

CIS AWS Foundations Benchmark

CIS Azure Foundations Benchmark

Fugue Best Practices Policy Framework

GDPR

HIPAA

NIST 800-53

PCI

SOC 2 Cloud Compliance

Popular Blogs

Five Steps to a Secure Cloud Architecture

An Introduction to Cloud Security for Infosec Professionals

9 Questions You Should Ask About Your Cloud Security

Events

News

Fugue Extends Cloud Security Market Dominance in Customer Satisfaction, According to G2 Report

Snyk Acquires Fugue, Enters Cloud Security Market

Fugue Achieves AWS Security Competency Status

Fugue Leads Cloud Compliance Market in Customer Satisfaction, According to G2 Report

Fugue Leads Cloud Security Market in Customer Satisfaction, According to G2 Report

Fugue Adds Centralized Multicloud Security Visibility and Policy-Based Governance Capabilities

Fugue Adds AWS Well-Architected Framework to Its Policy as Code Engine for Full Life Cycle Cloud Security

Fugue and CWS Team Up to Close Enterprise Cloud Security Gaps with End-to-End Policy as Code Enforcement

Fugue Adds Kubernetes Security Checks to its SaaS Platform and Open Source Regula Project

Fugue Announces Unified Infrastructure as Code and Cloud Runtime Security

Resources

Submit a Ticket

Documentation

Pricing

API

Guarantee

Login

Contact Us

Security

Privacy Policy

Careers

Schedule Demo

Product Videos

Press

Events

Library