About ISO/IEC 27001

The purpose of the ISO/IEC 27001 standard is to ensure adequate security controls are set up to protect information assets.

ISO/IEC 27001 is an international standard that specifies compliance requirements for establishing, implementing, maintaining and continuously improving an information security management system (ISMS). An ISMS is designed to help manage IT-related risks and protect the confidentiality, integrity and availability of information.

ISO/IEC 27001 is a voluntary standard and is applicable to organizations across all industries. Getting certified against it means adopting best practices in establishing an effective ISMS and demonstrating to your stakeholders a commitment to maintaining a high level of information security.

Capabilities of Netwrix Auditor

Using Netwrix Auditor to ensure a successful ISO/IEC 27001 certification process and maintain an effective ISMS

To set up a compliant ISMS, organizations need to undertake joint administrative, technical and physical initiatives. Netwrix Auditor assists in continuous compliance with the ISO/IEC 27001 standard and strengthens the ability to protect your IT environment against cyberattacks and insider security threats.

Strengthen security of data by auditing your IT systems

Keep track of what’s happening in your IT infrastructure to protect sensitive or confidential data from unwanted changes and unauthorized access.

Streamline ISO/IEC 27001 certification audits with out-of-the-box compliance reports

To achieve compliance with the ISO/IEC 27001 standard, use predefined reports mapped to the security controls you need to show are in place.

Quickly answer detailed questions from auditors

If auditors request information that is beyond the scope of the predefined reports, use Interactive Search to quickly find the answers.

Enable long-term archiving of audit data to ensure continuous ISO/IEC 27001 compliance

Remaining ISO/IEC 27001 certified requires regular re-certification and periodic surveillance audits. Make sure you have historic audit data available to prove your ISMS has improved and security requirements have been fulfilled.

See which ISO/IEC 27001 requirements Netwrix Auditor helps you meet

While ISO/IEC 27001 defines compliance requirements for an ISMS, it does not provide specific guidelines for setting up information security controls. However, Annex A provides a list of security controls that could be set up within an ISMS. These controls are derived from ISO/IEC 27002, which contains 14 sections with a total of 114 controls.

Netwrix Auditor assists with fulfilling security controls in the following sections:

Find more detailed information about which Netwrix Auditor reports can be used to address specific ISO/IEC 27001 requirements.
Download Netwrix Auditor Report Mapping (.pdf)

Organizations choose Netwrix Auditor to help them become — and remain — ISO/IEC 27001 certified

"We needed to pass compliance audits with a very limited budget, so we found Netwrix Auditor for Active Directory, which met all our requirements. On top of everything, it is a very easy solution to install and use. When you have to meet compliance regulations and establish IT auditing, I would recommend you take a close look at what Netwrix can offer."

Philippe Mermuys, Information Security Officer, Allianz Benelux