How to Utilize Whistic’s Questionnaire based on ISO 27001

July 16, 2019

At Whistic, we’re on a mission to provide the most in-depth, secure standards and regulations to our clients. This means that we’re constantly updating and adding new standards to our security assessment platform, making it easier than ever before for companies to conduct security reviews and keep their data secure. We’re happy to announce that we have implemented a Whistic Questionnaire based on the ISO 27001 International Standard. Here, we’ll run through the history and origins of ISO 27001 and what organizations need to know about this security standard.

ISO 27001 is one of the most well-known and widely used security standards in the world. The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) created a joint technical committee, ISO/IEC JTC 1, which prepares International Standards with input from other international organizations, both governmental and non-governmental. The most recent version was written by some of the world’s top InfoSec experts and was published in 2013.

For further reference, ISO 27001, technically termed ISO/IEC 27001:2013, differs from ISO 27002 on a number of fronts — one of which is the level of detail each contains. ISO 27002 devotes a full page to each control, including best-practice recommendations for implementing that specific control, while ISO 27001 lists only a one-sentence summary of each control. Most importantly, ISO 27002 is a guidance document with no certification available, whereas ISO 27001 is a standard that an organization can be certified against.

ISO 27001 takes a systematic approach to vendor risk management: it focuses on running standard risk assessments and compliance checks, and then provides suggestions and action plans both to treat the issues found and to prevent them from recurring.

One of the biggest benefits of ISO 27001 is that it proactively identifies how businesses are utilizing resources and tools incorrectly, which is often what results in compliance gaps or security threats in the first place. ISO 27001 provides documentation and guidelines on how to format, implement, and set up these technological tools in a way that is compliant and secure.

What You Need to Know about ISO 27001

ISO 27001 has been picking up steam in the U.S., but the details are still widely unknown to some. Here are some key facts you need to know about ISO 27001:

  • ISO 27001 is an international standard that can be implemented for any kind of organization (large, small, private, public, etc.) without limitation.
  • The ISO 27001 standard was built in part to make it easier for organizations to implement a secure, compliant Information Security Management System (ISMS).
  • The standard is considered a best practice standard in InfoSec ranking systems around the world.
  • ISO 27001 implementation often requires the input and focus of nearly every single department in an organization to ensure there are no gaps in security coverage.
  • An ISO 27001 certification highlights an organization’s adherence to all ISO 27001 standards and regulations.

Like the other widely used standards housed in Whistic, the Whistic Questionnaire based on ISO 27001 contains 11 security control clauses covering 39 security categories.

The eleven security control clauses contained in the Whistic Questionnaire include:

a) Security Policy
b) Organizing Information Security
c) Asset Management
d) Human Resources Security
e) Physical and Environmental Security
f) Communications and Operations Management
g) Access Control
h) Information Systems Acquisition, Development and Maintenance
i) Information Security Incident Management
j) Business Continuity Management
k) Compliance

Whistic’s Questionnaire Based on ISO 27001

While ISO 27001 is a standard you want to measure your own company against, it may very well be a standard against which you want to measure your third-party vendors as well. Assessing against ISO 27001 manually can take serious time and resources, not to mention any third-party consultant work.

Whistic’s intelligent scoring algorithm, termed the CrowdConfidence Score™, helps any business see at a glance how vendors stack up against any industry-standard questionnaire.

With Whistic’s questionnaire based on ISO 27001, organizations are able to utilize a streamlined security assessment platform to efficiently walk through the control areas that make up this standard with as little company-wide disruption as possible.

InfoSec teams can quickly access Whistic’s Questionnaire based on ISO 27001 alongside other questionnaires and assessments, making Whistic a one-stop shop for all things InfoSec and data security.

If you want to learn more about Whistic’s Questionnaire based on ISO 27001 or any other standards available within the Whistic Platform, talk to a Whistic specialist today.
