DISC's ISO 27001:2013 assessment is performed to measure conformance with ISO 27001:2013 specification requirements (clauses 4-10) and ISO 27002 controls. Eliminating risk is seldom a viable option in practice: risk management and reduction are the aim.
DISC ISO 27K assessment includes:
DISC gap assessment includes a three- or six-level rating (CMMI) matrix of your choice for each control, category and domain.
Start your ISMS project with ISO27001 2013 Documentation Toolkit
ISO/IEC 27001 2005 to 2013 Gap Analysis Tool (Download)
Download ISO27000 family of information security standards today!
• ISO27001 2013 ISMS Requirement (Download now)
• ISO27002 2013 Code of Practice for ISM (Download now)
Capability Maturity Model Integration (CMMI) to ISO 27002
| Rating | CMM level | ISO 27002 level |
|---|---|---|
| 0 | Non-existent | Complete lack of recognizable control |
| 1 | Initial | There is evidence that a security issue exists and needs to be addressed; however, no control exists to tackle the issue |
| 2 | Repeatable | Security control is still in development with limited documentation |
| 3 | Defined | Security control has been documented and communicated through training, but it is left to the individual to follow the control |
| 4 | Managed | It is possible to monitor and measure security control compliance, but management of the control is not fully automated |
| 5 | Optimized | Security control has been refined to the level of the ISO code of practice, based on the results of continuous improvement |
Quickly and easily carry out an ISO27001-compliant risk assessment with vsRisk, the cybersecurity risk assessment tool. vsRisk, the industry-leading ISO27001-compliant risk assessment tool, has simplified and automated the information security risk assessment process for many organisations across the globe, both large and small.