AI-powered. Integrated content.
Unique Hub & Spoke architecture.
ISO/IEC 27001: Understanding Security Domains
ISO/IEC 27001 Domains refer to the five core areas of information security management that must be addressed in order to comply with the ISO/IEC 27001 standard. These domains are: Information Security Policy, Organisation of Information Security, Asset Management, Access Control, Cryptography, Physical and Environmental Security, System Acquisition, Development and Maintenance, Incident Management, Business Continuity Management, Compliance. Each domain is further broken down into specific requirements that must be met in order for an organisation to be compliant with the standard. The Information Security Policy domain requires the establishment of an information security policy, the Organisation of Information Security domain requires the implementation of a security management structure and the definition of roles and responsibilities, the Asset Management domain requires the identification, classification and control of assets, the Access Control domain requires the implementation of measures to protect against unauthorised access to assets, the Cryptography domain requires the use of cryptography to protect assets, the Physical and Environmental Security domain requires the implementation of physical and environmental security measures, the System Acquisition, Development and Maintenance domain requires the implementation of security measures throughout the system development life cycle, the Incident Management domain requires the establishment of incident response procedures, the Business Continuity Management domain requires the implementation of measures to ensure business continuity, and the Compliance domain requires the implementation of measures to ensure compliance with applicable laws and regulations.
Hear from world-renowned GRC analyst Michael Rasmussen about 6clicks and why it's breakthrough approach is winning
Get up and running with 6clicks in just a matter of hours.
'Push-down' standards to teams
'Push' your standard templates, controls, and risk libraries to your teams.
'Roll up' analytics for reporting
Roll-up analytics for consolidated reporting across your teams.
Our customers have spoken.
They genuinely love 6clicks.
"The best cyber GRC platform for businesses and advisors."
David Simpson | CyberCX
"We chose 6clicks not only for our clients, but also our internal use”
Chief Risk Officer | Publically Listed
"We use Hub & Spoke globally for our cyber compliance program. Love it."
Head of Compliance | Fortune 500
"The 6clicks solution simplifies and strengthens risk, compliance, and control processes across entities and can grow and adapt as the organization changes and evolves."
GRC 20/20 Research LLC