
Looking to get ISO Certified? We Can Help.

Sophie Dodson


A tech-savvy author, seamlessly integrating computer science and computer graphic design expertise for a precision-focused approach in her writing, currently specializing in cybersecurity topics.


It’s 2022 and, chances are, compliance is a key talking point on the immediate agenda at your enterprise.

It may stir excitement (we see you, Compliance Officers 👋🏽), or make you roll your eyes (the rest of us), but at the end of the day, no business wants to end up facing criminal charges for breaking the law – and that’s where compliance standards and frameworks come in.

There’s a fair few of them floating around: CCPA, HIPAA, GDPR, SOC 2, ESG, HITRUST and CSA STAR, for example. Some have various letters and numbers appended, referring to various focus areas, but today we’re focusing on one of the certifications that we can actively help your organization to achieve:

  • ISO 27001 – The International Organization for Standardization 27001, Information Security Management Systems

ISO for Dummies

Part of the ISO/IEC 27000 series, ISO 27001 is all about efficiently and effectively handling information security through the adoption of an Information Security Management System (ISMS). It’s suitable for organizations of any size and, as an international standard, is recognized globally.

Advisera’s ISO 27001 Academy describes the standard as aiming to protect the following three aspects of information:

  1. Confidentiality – Only the authorized persons have the right to access information.
  2. Integrity – Only the authorized persons can change the information.
  3. Availability – The information must be accessible to authorized persons whenever it is needed.

Achieving this certification ain’t easy, oh no. The process is arduous, lengthy, and soul-destroying (trust us – we’ve just gone through it ourselves), but it’s worth it.

It feels good, looks good to your existing, prospective, and potential customers (as well as existing and future suppliers), but most importantly, it does what it sets out to do: manages risk, minimizes errors, and ensures all operations are conducted responsibly and safely. What follows is sustainability, employee satisfaction, and a continually improving and competitive company.

So, to the million-dollar question: how can we help you get certified?

PAM-Related Controls in ISO 27001

If you’ve started the ISO-certification process, you’ll be aware that there is an abundance of requirements, in the form of security controls, that your organization must implement and show proof of in order to pass the audit.

Some of these controls relate directly to Privileged Access Management (PAM); take the following Annex A controls:

  • A.9.2 User Access Management – A.9.2.3 Management of privileged access rights. Control: The allocation and use of privileged access rights shall be restricted and controlled.
  • A.12.5 Control of Operational Software – A.12.5.1 Installation of software on operational systems. Control: Procedures shall be implemented to control the installation of software on operational systems.
  • A.12.6 Technical Vulnerability Management – A.12.6.2 Restrictions on software installation. Control: Rules governing the installation of software by users shall be established and implemented.

Kill Two Birds with One Stone

So, let’s say you didn’t set out looking for a PAM solution, but you are in the midst of working towards your ISO cert – we can help you kill two birds with one stone: compliance and security.

Admin By Request tackles User Access Management (Control A.9.2) by allowing the instant removal of your users’ local admin rights, and the ability to view and manage which users have what privileges via a user-friendly Portal. It’s not all about restriction though: your now-standard users are able to gain elevated access on an as-needed, Just-In-Time basis – ticking off the ISO requirement and securing your endpoints while maintaining user productivity.

When it comes to controlling software installs (Controls A.12.5 and A.12.6), users must gain elevated privileges before they can download files and install applications. To gain elevation, they need to provide a reason for the install and, depending on your User Portal settings, wait for remote approval from an IT admin before it can go ahead. An extra layer of security comes in the form of OPSWAT MetaDefender’s multi-scanning tool, which scans all downloaded files with over 35 antimalware engines; malicious files are flagged and quarantined to be dealt with. Again, this meets ISO controls while protecting your network and organization from malware and cyberattacks.

There’s a whole lot more that comes with the Admin By Request solution, such as an extensive Auditlog which monitors and records all elevated activity, a comprehensive hardware and software inventory of all of your connected devices, a Break Glass / LAPS-replacement feature to create temporary local admin accounts, detailed Reporting capabilities, the ability to lock down endpoints to a single user, and more… but let’s talk about getting you ISO certified before we go into all that.

Get in Touch

ISO certification is a mammoth process, but adopting an effective Privileged Access Management solution is a cost-effective and sure-fire way to tick off a number of controls and help get you over the line – while also providing comprehensive security for your entire enterprise.

Get in touch with us today for compliance AND security.

© 2024 ADMIN BY REQUEST