4 Steps to ISO 27001 Compliance – Start with Risk Management in Jira

March 6, 2024

Being an ISO 27001-compliant company means that you protect your information assets and client data against possible data breaches. It supports your business growth as it builds trust in your company and your products.

In the hopes of achieving ISO 27001 compliance quickly, many companies purchase a huge ISO 27001 requirements checklist and templates for their ISMS. More often than not this “one-size-doesn’t-fit-all” solution turns out to be too much – your ISMS might only be a fragment of it.

Instead of starting from such an all-encompassing solution, start from what you have (your assets), possible risks related to them and how you can protect yourself against them (ISO 27001 controls). This approach will help you establish your actual ISMS scope, focusing on managing the risks of your information assets.

4 Steps to Start your ISO/IEC 27001 Compliance Journey

STEP 1: Identify your Assets (databases, systems and processes that include customer data, intellectual property, financial information, etc.);

STEP 2: Analyse the related threats and vulnerabilities for each asset;

STEP 3: Evaluate the potential likelihood and consequences of threats and vulnerabilities;

This step helps you find all the critical risks.

STEP 4: Select and apply suitable Control(s) for each Risk.

This step helps you create a Risk Treatment plan, which includes selecting and implementing applicable controls from the ISO/IEC 27001 list of controls.

How to manage Information Security Risks in Jira?

SoftComply Risk Manager Plus on Jira Cloud includes dedicated modules for information security risk management in Jira to support you in your compliance journey towards ISO 27001.

To fast-track your information security risk management, the app comes with a ready-made Risk Model for your information security risk assessment as well as an out-of-the-box Risk Register for your Asset-based Risk Management in Jira. The latter is a multi-sheet Excel-like spreadsheet where you can manage and link your assets to risks and ISO 27001 controls.

The Dedicated Modules for your information security risk management in the SoftComply Risk Manager Plus app are the following:

  1. The Information Security Dashboard provides you an easy way to monitor your progress towards ISO 27001 requirements. Here you can build a traceability matrix between the assets you have defined, the related risks for each asset that you have identified and the applicable controls from ISO 27001 that you have linked to the risks. This will help monitor the status of coverage between your assets, related risks and applicable controls.
  2. Object Registers for your Asset Management where you can define your organisation’s information assets, describe them and assign ISO 27001 controls to them. You can find the ISO 27001 controls already in the app as you install it.
  3. Last but not least, you can generate your Statement of Applicability directly from your Object Register or from your InfoSec Dashboard at any point in time or when you are ready for the audit.

How to Learn More

To learn more about Information Security Risk Management in Jira, feel free to try out the app or book a demo call the SoftComply team:

Table of Contents

Ready to get started?

Contact us to book a demo and learn how SoftComply can cover all your needs

13485 implementation guide
Picture of Marion Lepmets

Marion Lepmets

CEO
December 18, 2024

The Internet is full of articles about the implementation of ISO 13485. They talk about “Getting management support”, “Obtain The Documents And Study The Requirements”, “Develop An Implementation Plan”, “Evolution of a Quality Management System”, and other seemingly complex topics. Although comprehensive, most of these articles are self-serving, aimed at...

SaMD Guide to Compliance
Picture of Matteo Gubellini

Matteo Gubellini

Regulatory Affairs Manager
December 3, 2024

Introduction The first contact with the Medical Device regulatory world is a shock for most startups. These companies usually have excellent technical and clinical ideas on how to improve the patient’s life, but little knowledge of the legal burdens required to bring the medical device to the market. The technical...

e-signature
Picture of Matteo Gubellini

Matteo Gubellini

Regulatory Affairs Manager
November 26, 2024

What is an “Electronic Signature”? Electronic signature means a computer data compilation of any symbol or series of symbols executed, adopted, or authorized by an individual to be the legally binding equivalent of the individual’s handwritten signature. (21 CFR 11.3) In other words, to Electronically Sign a document means to...