How Setyl helps organizations achieve ISO 27001 certification

Explore the key areas of ISO 27001 that Setyl can help you address to navigate your security audit.

Last updated 

August 20, 2024

Setyl plays a significant role in helping organizations mitigate security and compliance risks, including achieving ISO 27001 and other security certifications. 

From streamlining asset management processes, to strengthening information security controls and ensuring compliance with the standard's requirements, discover the 7 key areas that Setyl can help you successfully address to prepare for your audit.

About ISO 27001

ISO 27001 (officially ISO/IEC 27001) is an international standard for information security management systems (ISMS). It provides organizations with guidance on establishing a systematic approach to managing sensitive company information. 

Implementing this framework helps you secure your data, reduce and respond to (cyber) risks, improve operational efficiency and save costs.

How Setyl helps you prepare for your ISO 27001 certification

Setyl can help you address several key components of ISO 27001, including:

  • Asset management: Identification and management of IT and other assets.
  • Access control: Ensuring only authorized individuals can access sensitive information.
  • Risk assessment: Identifying and managing risks to information security.
  • Compliance: Adhering to applicable legal and regulatory requirements.

Specifically, Setyl assists with the following areas of ISO 27001:

  1. Asset management (clauses 8.1 and A.8): Tracking of hardware, software, SaaS and more assets.
  2. Risk assessment and treatment (clauses 6.1 and A.12): Identifying risks and implementing controls.
  3. Access control (clauses 9.1 and A.9): User management and access permissions for securing assets.
  4. Change management (clauses 8.3 and A.12.1): Monitoring and documenting changes to asset configurations.
  5. Documentation and evidence collection (clause 7.5): Ability to attach and manage relevant documentation to assets.
  6. Monitoring and reporting (clauses 9.2 and 9.3): Compliance records and activity logs for audits and reviews.
  7. Vendor management (clause A.15): Monitoring and managing third-party relationships and contracts.

Read on to dive further into each of these areas, and how the Setyl platform and our dedicated compliance features can support your audit preparation.

“My auditor was blown away when he saw what we are doing with Setyl. It's been a phenomenal tool for internal due diligence and I use it as my show and tell for my leadership team.”
Steven Rose
IT & Security Lead at Teamwork

Setyl and ISO 27001: How Setyl helps in detail

1. Asset inventory and management

ISO 27001 clauses 8.1 (Operational Planning and Control) and A.8 (Asset Management) require maintaining a detailed asset inventory.

Representation of the Setyl IT asset and license management platform, showing a range of systems pointing into Setyl, and on the other end an inventory of hardware and software assets.

2. Risk assessment and treatment

ISO 27001 clauses 6.1 (Actions to Address Risks and Opportunities) and A.12 (Operations Security) involve identifying risks and implementing controls.

  • Asset criticality and risk ratings: Setyl allows you to identify assets by criticality and restrict access accordingly. Custom notes allow you to further record high-risk or critical asset statuses.
  • Asset discovery and classification: Discover and classify assets and applications, helping to identify potential critical assets and applications that may pose security risks. 
  • Policy compliance: Ensure assets adhere to security policies and procedures, supporting risk mitigation. Keep a record of when employees take ownership of critical assets and sign off on acceptable use policies.
  • Maintenance scheduling and monitoring: Schedule and monitor maintenance activities, ensuring assets are regularly updated and patched. See a record of an asset’s maintenance history if a security incident occurs.
Setyl’s shadow IT detection functionality, showing a list of assets and apps which have been detected via an MDM or RMM integration and login or IAM integration respectively.
Setyl’s shadow IT detection functionality 

3. Access control and security

ISO 27001 clauses 9.1 (Monitoring, Measurement, Analysis, and Evaluation) and A.9 (Access Control) emphasize controlled access to information assets.

  • User access management: Setyl provides features for tracking and managing user access to various assets, ensuring that only authorized personnel have access to edit or view assets.
  • Audit trails: Maintain detailed audit logs of access and changes to assets, crucial for demonstrating compliance and investigating security incidents.
Setyl’s user permission management feature, showing a list of users, their status (active, onboarding etc.) and their role within the ITAM platform.
Setyl’s user permission management feature

4. Configuration and change management

ISO 27001 clauses 8.3 (Change Management) and A.12.1 (Operational Procedures and Responsibilities) require controlled changes to information systems.

  • Configuration tracking: Document asset configurations to ensure they meet security requirements.
  • Change history: Maintain a record of changes made to assets, which helps in auditing and ensuring compliance with change management procedures.
Setyl’s activity log overview, showing different tasks logged on different dates and times, including the unassignment of licenses and IT asset description updates.
Setyl’s activity log overview

5. Documentation and evidence collection

ISO 27001 clause 7.5 (Documented Information) involves maintaining and controlling documentation for compliance.

  • Asset documentation: Setyl allows attachment of relevant documents, policies, and procedures to asset or vendor records.
  • Compliance records: Store records and evidence required for ISO 27001 audits and compliance verification.
Setyl as a comprehensive information asset register, showing a list of hardware and software assets, alongside related information such as admins, assignees, locations and statuses.
Setyl as a comprehensive information asset register

6. Monitoring and reporting

ISO 27001 clauses 9.2 (Internal Audit) and 9.3 (Management Review) require regular monitoring, reviewing, and auditing of the ISMS.

  • Status and activity logs: Setyl provides visibility into asset status and usage, helping to detect and respond to security incidents.
  • Custom audit reminders: Set custom reminders to ensure internal audits are carried out regularly, and log completion dates and audit administrators.
  • Archiving: Logical archiving ensures records are never deleted from Setyl. Changes to an asset can be viewed from the beginning of an asset’s lifecycle until the end.
Setyl’s Compliance Overview feature for applications and vendors, showing a list of vendors and checkmarks under whether they meet ISO 27001 and SOC 2 requirements.
Setyl’s Compliance Overview feature for applications and vendors

7. Vendor and contract management

ISO 27001 clause A.15 (Supplier Relationships) covers managing third-party risks and supplier agreements.

  • SaaS and vendor management: Setyl tracks SaaS subscriptions and vendor relationships, ensuring compliance with third-party security requirements. Vendor onboarding audits ensure vendors are in compliance with your policies and procedures, and keeps a record of the audit.
  • Contract compliance: Manage contracts and service agreements, ensuring they include the necessary security provisions. Attach appropriate contracts to assets or vendors. 
“Having managed the ISO 27001 for the organization in the past, I know that Setyl will make audits so much easier.

"I can quickly locate any asset, see its history and access all related documents — even for assets we’ve disposed of. We’re also recording all vendor information into the platform. It brings so much visibility and efficiency. I no longer have to hunt for spreadsheets, worry about whether they’ve been updated, or scramble to piece together evidence."
Adam Gleed
Head of Information Security at Nourish
Read the full case study

For more information on how Setyl can help your organization prepare for an ISO 27001 audit and other IT safeguarding measures, speak to one of our specialists.

Related information

13 ways IT asset management (ITAM) drives cost savings

Discover how an integrated ITAM platform helps you eliminate wasted IT costs and optimize spending.

Integrated ITAM: The missing layer of cybersecurity

Learn about the crucial role of integrated IT asset management in any effective cybersecurity strategy.

Shadow IT: What is it and why should you care?

Discover the challenges posed by shadow IT in today's tech-driven workplace.

Learn more about Setyl

Book a demo
View plans
Close Cookie Popup
Cookie Settings
By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage and assist in our marketing efforts. More info
Accept All Cookies
Cookie Settings
Close Cookie Preference Manager
Cookie Settings
By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage and assist in our marketing efforts. More info
Strictly Necessary (Always Active)
Cookies required to enable basic website functionality.
Accept All Cookies
Save Settings
Made by Flinch 77
Oops! Something went wrong while submitting the form.