This is largely because both standards share a number of common principles, including requiring senior management support, a continual improvement process, and a risk-based approach.
In fact, the risk assessment process specified by ISO 27001 takes a very similar approach to the NIST Risk Management Framework: identify risks to the organization’s information, implement controls appropriate to the risk, and finally, monitor their performance.
However, because the NIST Cyber Security Framework and Risk Management Framework were designed to be voluntary, it is difficult to prove compliance with them. There is no formal NIST certification (yet). This is particularly unfortunate for organizations that must comply (as mandated by former US President Donald Trump's Executive Order 13800).
ISO 27001, meanwhile, has an international presence that many organizations recognize and trust. Moreover, organizations can achieve external, accredited certification to the standard – an excellent way of demonstrating at least partial compliance with the NIST frameworks.
If you want to know how these ISO 27001 controls may relate to those in other frameworks like the NIST Cyber Security Framework or others, you can always get the NIST CSF to ISO 27001 mapping from Hailey.
If you would like more details on how ISO 27001 will benefit your organization, then contact 6clicks today. Here's how 6clicks automates your ISO 27001 compliance, quickly.
How about a whistle-stop tour with one of our 6clicks maestros? Easy, just click the button below and let the good times roll.
All we want to do, every day, is make the world of GRC easier to manage. We can't do that without you, so we hope to hear from you real soon!