
June 30, 2023

How Covalence simplifies compliance: ISO 27001


This blog is part of a series of posts to highlight how Field Effect’s flagship product, Covalence, can help our customers attain their compliance goals. Whether it’s to mitigate risks, maintain a cyber insurance policy, or fulfill a contractual requirement, Field Effect knows how important it is for businesses to adhere to industry-standard compliance frameworks.

The good news is the right cybersecurity solutions can empower your organization to achieve and maintain compliance with numerous frameworks, including ISO 27001.

Why comply with ISO 27001?

ISO/IEC 27001 has been referred to as “the world's best-known standard for information security management systems (ISMS)”. It was originally published in 2005 by the International Organization for Standardization, with subsequent updates released in 2013 and 2022.

ISO 27001 is a risk-based (as opposed to rule-based) standard designed to work for organizations of all sizes. To comply with risk-based standards, organizations must complete a thorough risk assessment and, in the case of ISO 27001, identify how the 93 controls in Annex A can help reduce the impact and frequency of those risks.

How Covalence helps with ISO 27001 compliance

Here are a few examples of controls from the 2022 version of the standard, and how Covalence helps with compliance:

Control 5.7: Threat intelligence

Field Effect knows that most small and medium-sized organizations don’t have the time or resources to gather, analyze, and contextualize information about current and future cyberattacks.

Covalence employs industry-standard indicators of compromise (IOCs) along with our own threat intelligence to identify malicious activity, domains, botnets, ransomware, and other threats to your environment.

In addition, we can show you how to leverage your monthly Covalence Service Report as evidence during your next audit to show that we’re performing this function on your behalf.

Control 8.23: Web filtering

The Covalence DNS firewall provides a secure DNS service that reduces exposure to malicious content, including known or suspected malicious websites and websites sharing illegal content.

Annex A support

For many other Annex A controls, Field Effect Covalence supports ISO implementation by:

  1. Providing real-time insight into the network’s security posture, so the organization can identify non-conformities and resolve them before the audit, demonstrating effective monitoring and continuous improvement.
  2. Accelerating the audit process by supporting and encouraging evidence-linking.
  3. Helping to build a stronger ISMS and achieve better security outcomes from your investment in ISO 27001 certification.

Integrated ARO mappings

Covalence delivers reporting to our customers through our proprietary threat alerting system of Actions, Recommendations, and Observations. AROs provide high-confidence alerts combined with actionable insights that allow organizations to easily understand the response required.

Covalence users can now enable their AROs to contain insights and control mapping to the compliance frameworks they care most about. Insights for the 2022 ISO 27001 standard will contain detailed advice on how to leverage the Field Effect portal to prepare for your next audit.

Here's an example of a Field Effect Insight:

[Image: Field Effect Insight]

Learn more about Covalence & ISO compliance

We've created an easy-to-read mapping guide for ISO 27001, which shows how Covalence can help our customers fulfill specific sections of the standard. This document is a great starting point to help you better understand the regulatory compliance landscape but, because every organization is different, we still recommend consulting with a regulatory auditor for your specific requirements.

Reach out to our team to get a copy of the ISO 27001 Compliance Mapping Guide today.