A.15.2 Compliance with security policies and standards, and technical compliance
Objective: To ensure compliance of systems with organizational security policies and standards.
A.15.2.1 Compliance with security policies and standards
Managers shall ensure that all security procedures within their area of responsibility are carried out correctly to achieve compliance with security policies and standards.
A.15.2.2 Technical compliance checking
Information systems shall be regularly checked for compliance with security implementation standards.
Lumension Risk Manager provides a comprehensive view across hundreds of global regulations, mandates and internal policies, improving the efficiency of controls and reducing risk.
Lumension Risk Manager provides the capabilities to:
- Align business interests (sales and manufacturing processes, etc.) with IT assets (servers, workstations, applications, etc.), compliance regulations and control frameworks
- Define and model unique risk profiles across your IT assets
- Automate the gathering of compliance and IT risk assessment asset data through integration with Lumension and third-party tools (e.g. vulnerability scanners)
- Benchmark risk assessments against IT control frameworks
- Report on risk, compliance and remediation metrics across an entire regulation or internal mandate
- Prioritize potential risk by correlating IT assets to critical business processes
For more details on Lumension Risk Manager