English
Nederlands
Risk Management
Comprehensive risk analyses based on processes, information systems and/or suppliers. With threat models such as MAPGOOD or the OWASP Top 10, you quickly identify risks and draw up measures to mitigate the risk.
Progress monitoring and risk evaluation then ensure that these are adequately addressed.
Internal and External Audits
By periodically performing internal / external audits on standards frameworks and your own policy, compliance remains guaranteed. You supplement findings and non-conformities with new countermeasures.
Everything can be summarised in automated audit reports.
Supplier management
Your information security is only as strong ad it's weakest link. Base27 lets you stay ahead of third-party risks by registering your suppliers in one clear overview.
Keep track of dependencies, manage critical communication lines and make sure every third party meets your internal security requirements.
You don't need to be an expert in information security to get started with Base27
Base27 is designed to get you up and running straight away, with pre-filled structures, clear guidance and intuitive workflows. No need to memorise framework requirements or figure everything out from scratch.
Our system walks you through risks, controls and responsibilities at a pace and level that suits your organisation.
All frameworks always up to date. We take care of that for you.
Frameworks and regulations are constantly evolving. Our experts keep a close eye on every change and roll updates directly into Base27.
That way you're always working with the latest requirements, without having to track updates or interpret changes yourself. Stay compliant, even as legislation moves on.
And many other features
Policy and Organisation
- Management of policies in the form of manuals;
- Framework with full ISO27001 coverage;
- Information clearly displayed.
Processes and KPIs
- Establish processes and related information systems;
- Establish and manage objectives and KPIs (Key Performance Indicators);
- Compliance with the standard is automatically made transparent.
.png?width=55&height=67&name=Verwerkingsregister%20(AVG).png)
Processing Register (GDPR)
- Establish processing register in accordance with the GDPR;
- Conducting Data Protection Impact Assessments (or DPIAs);
- Establishing processor agreements;
- Record data breaches and collect all information required for reporting to the privacy authorities;
- Capabilities for the registration and handling of data subject requests.
Implementation and Certification
- Implementation plan for an ISO 27001 certification, for example. This plan easily helps you through the necessary steps to certification, including:
- Defining policy objectives;
- Inventory of systems and assets;
- Risk analysis and management;
- Internal control (audits);
- Preparation of a Statement of Applicability (SoA).
- Migration plan to transfer an existing information management system to Base27, or an GDPR specific implementation focusing on privacy protection.
Operational Planning
- See at a glance which information security maintenance tasks need to be performed throughout the year and what the status is;
- Easily assign tasks and monitor progress;
- The plan is flexibly expandable and can be repeated annually;
- It is also possible with the same functionality to draw up an execution plan for, for example, implementation or migration of (parts of) the information security.
Management Reports
- Reporting to management on all matters related to information security or privacy protection is easily accomplished using the document reports within Base27. The report is automatically compiled based on selected data;
- All data is available for reporting: information systems, suppliers, risks, measures, incidents, processing et cetera;
- Easily print or export to Microsoft Word. Output can be based on templates with your corporate identity.
Enterprise Features
- Insight and direction by department or business unit;
- Organising compliance within a broad user organisation using questionnaires.
- Informing employees about developments in the field of information security and privacy protection within your organisation by means of internal newsletters.
- Of course, insight into the extent to which the newsletters are actually read is not lacking.
Standards and Accountability
- Support for various standards:
- Information security, including: ISO 27001, ISO 27002, NEN 7510, BIO, ISO 27017/18, COBIT5
- Privacy protection, including: ISO 27701, AVG (GDPR)
- Quality assurance, including: ISO 9001, HKZ
- Other, including: ISO 14001
- Link to policies, processes, information systems, as measures for risks et cetera;
- Statement of Applicability (SoA);
- Internal audits easily based on the declaration of applicability;
- Direct insight into the progress of the implementation through reports.
Supplier Management
- Clearly name and test criteria on which you select suppliers;
- Periodic assessment of suppliers based on selected criteria;
- In addition to suppliers, registration and management of, for example, customers and other organisations.
Asset Management
- Record hardware, software, licenses, access assets and contracts, among others;
- If applicable, issue and intake records can be kept as well as renewal / depreciation records;
- Own types of assets can be dynamically added.
Calamity Plans
- Prepare for calamities by defining how such calamities should be handled and who is responsible;
- Regular monitoring of implementation/operation of business continuity plans.
Dashboards and Reports
- Dashboards for quick and easy insight into the status regarding information security;
- Insight across the whole or by segment (department, system, etc.);
- Filters and sorting;
- Exports to Microsoft Excel or Word;
- Analysis in pivot tables.
- Overviews and analysis of all information in Base27;
- Comprehensive reports allowing you to understand the status of the management system at all times.
Single Sign-On and Integration
- Base27 is excellent for integrating within your organization, for example by using Single Sign-On (based on SAML) to allow your employees to access the application without logging in again;
- REST API to link data from other sources. Through this capability, for example, incidents from your ITSM can be synchronised or comments sent.
Online support
- Direct contact with our support staff;
- Answers to questions regarding the use of Base27 but also for substantive questions regarding information security and privacy protection.
Security
- The application is continuously monitored and security updates are applied daily as needed;
- Default login is based on strong passwords and two-factor authentication;
- Regular backups of data and testing its integrity;
- Data is stored encrypted at our partner in the Netherlands.
ISMS for your organisation
Base27 monitors and manages your processes from one central place. It serves as both an information security management system (ISMS) and a privacy management system (PMS), giving you a firm grip on the many complex aspects of information security and privacy protection.
From policy development and communication to risk analysis, controls and asset registration, Base27 covers it all.
Try it free for 30 days and get instant access to the platform and all its frameworks.
