Wednesday, August 18, 2010

Seclore FileSecure for easy compliance with ISO 27001

Increasing data volumes in the organization, and continually evolving threats that can put its very existence at risk, require high protection levels. Security controls must look at specific functions and provide protection in a manner that does not hamper normal business operations yet builds security into the DNA of the organization's culture.

Many organizations have implemented an Information Security Management System (ISMS) conforming to ISO 27001 and are engaged in its continuous maintenance in order to conform to the requirements of the standard. In this scenario, the organization must look at the inclusion of Information Rights Management (IRM) as an essential practice, as it helps address the high-risk area of document / information sharing and provides compliance with a number of ISO control objectives.

An IRM solution provides control on the distribution of information within and outside the organization, enabling management of the complete lifecycle of the data asset. Compliance with CO 6.2.2 (External Parties: Addressing security when dealing with customers) and CO 7.1 (Responsibility of Assets for inventory, ownership and acceptable use) is enabled since the IRM solution allows the ownership of the document to be retained by the organization, not just for documents that are shared with internal or external partners. A robust IRM solution will allow management of the inventory of floating copies of the document and ensure a risk classification at the time of creation. Document inventory and classification is a big issue as it requires additional effort (besides the creation of the document) and is usually considered to be a bother. However, the Seclore IRM solution provides a user-friendly interface that allows the user to classify the document and include management controls for it.

The solution provides reasonable compliance with a number of additional ISO controls, such as Classification Guidelines (CO 7.2); Monitoring (10.10) for audit logs, use, etc., and protection of logs; Access controls (11.6); Cryptographic Controls (12.3); Incident / Event Reporting (13.1) and Compliance (15.1).

Managing data / document rights over the network using the Seclore IRM solution provides the organization with a wide range of functionalities that allow controls to be embedded into a user-friendly system or included on-the-fly. As such, document classification is done by the user at the time of creation, and this asset is monitored by Seclore FileSecure as it is accessed in and outside the organization, with all locations and actions being logged. A high level of cryptographic control is enabled, and document access is restricted, with unauthorized access and any malicious incidents being reported.

With this range of features aligned with industry best practices and standards, the system automatically provides a high level of legal and regulatory compliance, and this is true for the Seclore IRM solution too. It addresses data protection requirements and cryptographic controls regulations, and enables privacy controls.

An IRM solution provides a reasonable level of compliance with a number of controls prescribed by ISO 27001 while automating manual processes in the document / data lifecycle and ensuring that ownership, along with complete control, always remains with the organization and that the assets always remain protected.

