
Looking to get ISO Certified? We Can Help.


It’s 2022 and, chances are, compliance is a key talking point on the immediate agenda at your enterprise.

It may stir excitement (we see you, Compliance Officers 👋🏽), or make you roll your eyes (the rest of us), but at the end of the day, no business wants to end up facing criminal charges for breaking the law – and that’s where compliance standards and frameworks come in.

There’s a fair few of them floating around: CCPA, HIPAA, GDPR, SOC 2, ESG, HITRUST and CSA STAR, for example. Some have various letters and numbers appended, referring to particular focus areas, but today we’re focusing on one of the certifications that we can actively help your organization to achieve:

  • ISO 27001 – The International Organization for Standardization 27001, Information Security Management Systems

ISO for Dummies

Part of the ISO / IEC 27000 series, ISO 27001 is all about efficiently and effectively handling information security through the adoption of an Information Security Management System (ISMS). It’s suitable for organizations of any size and, as an international standard, is recognized globally.

Advisera’s ISO 27001 Academy describes the standard as aiming to protect the following three aspects of information:

  1. Confidentiality – Only the authorized persons have the right to access information.
  2. Integrity – Only the authorized persons can change the information.
  3. Availability – The information must be accessible to authorized persons whenever it is needed.

Achieving this certification ain’t easy, oh no. The process is arduous, lengthy, and soul-destroying (trust us – we’ve just gone through it ourselves), but it’s worth it.

It feels good, looks good to your existing and prospective customers (as well as existing and future suppliers), but most importantly, it does what it sets out to do: manages risk, minimizes errors, and ensures all operations are conducted responsibly and safely. What follows is sustainability, employee satisfaction, and a continually improving and competitive company.

So, to the million-dollar question: how can we help you get certified?

PAM-Related Controls in ISO 27001

If you’ve started the ISO-certification process, you’ll be aware that there is an abundance of requirements your organization must implement and show proof of in order to pass audit, in the form of security controls.

Some of these controls relate directly to Privileged Access Management (PAM). Take the following Annex A controls (numbered as in ISO/IEC 27001:2013; the 2022 revision restructures Annex A, and the same requirements appear there under A.8.2 Privileged access rights and A.8.19 Installation of software on operational systems, so check which edition your auditor is working to):

  • A.9.2 User Access Management – A.9.2.3 Management of privileged access rights. Control: The allocation and use of privileged access rights shall be restricted and controlled.
  • A.12.5 Control of Operational Software – A.12.5.1 Installation of software on operational systems. Control: Procedures shall be implemented to control the installation of software on operational systems.
  • A.12.6 Technical Vulnerability Management – A.12.6.2 Restrictions on software installation. Control: Rules governing the installation of software by users shall be established and implemented.

Kill Two Birds with One Stone

So, let’s say you didn’t set out looking for a PAM solution, but you are in the midst of working towards your ISO cert – we can help you kill two birds with one stone: compliance and security.

Admin By Request tackles User Access Management (Control A.9.2) by removing your users’ local admin rights instantly and letting you view and manage which users hold what privileges via a user-friendly Portal. It’s not all about restriction though: your now-standard users can still obtain elevated access on an as-needed, Just-In-Time basis, ticking off the ISO requirement and securing your endpoints while maintaining user productivity.

When it comes to controlling software installs (Controls A.12.5 and A.12.6), users must obtain elevated privileges before they can install applications. To gain elevation, they need to provide a reason for the install and, depending on your Portal settings, wait for remote approval from an IT admin before it can go ahead. An extra layer of security comes in the form of OPSWAT MetaDefender’s multi-scanning tool, which scans all downloaded files with over 35 antimalware engines; malicious files are flagged and quarantined to be dealt with. Again, this meets the ISO controls while protecting your network and organization from malware and cyberattacks.
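Whichever tool you use, the auditor will want evidence for the two controls just discussed: who currently holds local admin rights (A.9.2.3) and what software has actually been installed on endpoints (A.12.5.1 / A.12.6.2). The PowerShell script below is an added example, not Admin By Request’s code; it gathers both pieces of evidence from a Windows endpoint and writes them to CSV. The approved-account and approved-software lists are constructed placeholders for the example and must be replaced with whatever your ISMS actually approves.

```powershell
# Added example (not Admin By Request's code): collect ISO 27001 evidence from a
# Windows endpoint for A.9.2.3 (privileged access rights) and A.12.5.1 / A.12.6.2
# (software installed on operational systems). Run in Windows PowerShell 5.1+.

# Placeholder allow-list of principals permitted in the local Administrators group.
# Assumption for this example: only the built-in Administrator and one named
# break-glass account; anything else is reported as an exception.
$ApprovedAdmins = @(
    "$env:COMPUTERNAME\Administrator",
    "$env:COMPUTERNAME\breakglass"
)

# Placeholder allow-list of applications the ISMS approves on standard endpoints.
$ApprovedSoftware = @(
    'Microsoft Edge',
    'Microsoft 365 Apps for enterprise',
    'Admin By Request'
)

function Get-LocalAdminExceptions {
    # Evidence for A.9.2.3: every member of the local Administrators group that is
    # not on the approved list. Get-LocalGroupMember (Microsoft.PowerShell.LocalAccounts)
    # can throw on orphaned SIDs left behind by deleted domain accounts, so that
    # failure is caught and reported as a finding rather than aborting the scan.
    [CmdletBinding()]
    param([string[]] $Approved = $ApprovedAdmins)

    try {
        $members = Get-LocalGroupMember -Group 'Administrators' -ErrorAction Stop
    } catch {
        return [pscustomobject]@{
            Computer = $env:COMPUTERNAME; Member = '<unresolved SID>'
            Type = 'Unknown'; Source = 'Unknown'
            Finding = "Enumeration failed: $($_.Exception.Message)"
        }
    }

    foreach ($m in $members) {
        # -notcontains is case-insensitive, so DOMAIN\user and domain\User match.
        if ($Approved -notcontains $m.Name) {
            [pscustomobject]@{
                Computer = $env:COMPUTERNAME
                Member   = $m.Name
                Type     = $m.ObjectClass      # User or Group
                Source   = $m.PrincipalSource  # Local, ActiveDirectory, AzureAD, MicrosoftAccount
                Finding  = 'Privileged member not on approved list'
            }
        }
    }
}

function Get-UnapprovedSoftware {
    # Evidence for A.12.5.1 / A.12.6.2: installed applications not on the approved
    # list, read from the 64-bit, 32-bit (WOW6432Node) and per-user uninstall keys.
    [CmdletBinding()]
    param([string[]] $Approved = $ApprovedSoftware)

    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )

    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -and -not $_.SystemComponent } |   # skip hidden components
        Where-Object { $Approved -notcontains $_.DisplayName } |
        Sort-Object DisplayName -Unique |
        ForEach-Object {
            [pscustomobject]@{
                Computer    = $env:COMPUTERNAME
                Application = $_.DisplayName
                Version     = $_.DisplayVersion
                Publisher   = $_.Publisher
                InstallDate = $_.InstallDate   # yyyyMMdd when present; match it against your elevation audit log
                Finding     = 'Installed software not on approved list'
            }
        }
}

# Write both reports to CSV so they can go straight into the audit evidence pack.
$stamp = Get-Date -Format 'yyyyMMdd'
Get-LocalAdminExceptions | Export-Csv -NoTypeInformation -Path "A.9.2.3-local-admins-$stamp.csv"
Get-UnapprovedSoftware   | Export-Csv -NoTypeInformation -Path "A.12.5.1-software-$stamp.csv"
```

Run it from an elevated prompt on each endpoint (or push it through your management tooling) and keep the dated CSVs; an empty exceptions file is the evidence that the control is operating, and a non-empty one is your remediation list. Cross-referencing each InstallDate against the PAM audit log shows the auditor that every install went through the approval flow.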

There’s a whole lot more that comes with the Admin By Request solution, such as an extensive Audit Log which monitors and records all elevated activity, a comprehensive hardware and software inventory of all of your connected devices, a Break Glass / LAPS-replacement feature to create temporary local admin accounts, detailed Reporting capabilities, the ability to lock down endpoints to a single user, and more… but let’s talk about getting you ISO certified before we go into all that.

Get in Touch

ISO certification is a mammoth process, but adopting an effective Privileged Access Management solution is a cost-effective and sure-fire way to tick off a number of controls and help get you over the line – while also providing comprehensive security for your entire enterprise.

Get in touch with us today for compliance AND security.

About the Author:

S Dodson

With a solid background in computer science and graphic design, my career kicked off writing tech manuals for various companies in both the software and hardware realms. I then side-stepped into marketing and found my passion in cybersecurity. I fuse my tech know-how with design skills to craft engaging blogs that spotlight cybersecurity for businesses. My main focus now is championing the marketing efforts of Admin By Request Zero Trust Platform, where my creative take on cybersecurity helps me create content that's enlightening, entertaining, and impactful. My articles have graced the pages of InfoSec Magazine and top-tier security websites like OPSWAT. I'm on a mission to stress the significance of cybersecurity and to showcase how Admin By Request is shaking things up by making enterprise solutions simple, intuitive, accessible, and affordable to organizations of all sizes, in any industry. My goal is to craft content that informs, intrigues, and motivates action, helping businesses understand the pivotal role of cybersecurity in the digital age we're now living in. Through my work, I aim to close the gap between technology and its real-world applications, keeping our audience well-informed, interested, and ready for the ever-evolving cybersecurity landscape. I bring a blend of extensive experience, deep expertise, recognized authority, and unwavering commitment to trustworthiness in cybersecurity. My goal? To make complex topics relatable and actionable for businesses of all sizes - just like Admin By Request strives to do.
