Feature overview Base27

Policy and Organisation

• Management of policies using digital manuals;
• Framework with full ISO27001 coverage;
• Display information clearly.

Information Systems

• The first step towards adequate information security;
• Unambiguous overview of all sources of information;
• Controls and reporting possibilities including a BIA and authorisation matrix.

Risk Management

• Risk analyses based on defined scope, e.g. processes, information systems and/or suppliers;
• Identifying risks using threat models, such as ISF or the OWASP top 10;
• Countermeasures (treatment plan) to reduce or exclude the risk by means of controls in framework(s);
• Monitoring and evaluation of risks and related countermeasures.

Processes and KPI’s

• Record processes and related information systems;
• Define critical success factors and KPIs (Key Performance Indicators) and steer them accordingly;
• Compliance with the standard is automatically made transparent.

Register of Processing Activities (GDPR)

• Preparation of processing register in accordance with the GDPR;
• Conduct data protection impact assessments (or DPIAs);
• Establish processing agreements;
• Registration of data breaches and collection of all information necessary for notification to privacy authorities;
• Possibilities for the registration and processing of data subject requests.

Internal and External Audits

• Periodically carrying out internal / external audits with respect to frameworks and your own policies;
• Follow-up findings / deviations with countermeasures to improve security;
• Easily inform management using automated reports.

Implementation and Certification

• Implementation plan for e.g. ISO 27001 certification;
  • This plan will help you easily through the necessary steps to certify, among others:
    • Defining the policy objectives;
    • Inventory of systems and assets;
    • Risk analysis and management;
    • Internal control (audits);
    • Drawing up a Statement of Applicability (SoA).
• Migration plan to transfer an existing information management system to Base27, or a GDPR specific implementation with an emphasis on privacy protection.

Operational Planning

• Insight into which tasks need to be carried out to maintain information security throughout the year and what the status is;
• Easily assign tasks and monitor progress;
• The plan is flexible / expandable and can be repeated annually;

It is also possible to use the same functionality to draw up an execution plan, for example, for the implementation or migration of (parts of) the information security.

Management and Board Reports

• Report to management on all matters related to information security is easy to realise with the help of the management and board reports within Base27;
  • The report is automatically compiled on the basis of selected data.
• All data is available for reporting: information systems, suppliers, risks, measures, incidents, processing, etc.;
• Easily print or export to Microsoft Word. The output can be based on templates with custom corporate styling / logo’s.

Enterprise Support and Newsletters

• Insight per department or business unit;
• Inform employees about the developments in the field of information security and privacy protection within your organisation by means of newsletters.
• Insight into the extent to which the newsletters are actually read.

Standards

• Support for different standards:
  • Information security, including: ISO 27001, ISO 27017/18, COBIT 5
  • Privacy protection, including: ISO 27701, GDPR
  • Quality assurance, including: ISO 9001
  • Others, a.o.: ISO 14001
• Linkage to policy, processes, information systems, as countermeasures for risks, etc;
• Statement of Applicability (SoA);
• Easily base internal audits on the Statement of Applicability;
• By means of dashboards, direct overview into the progress of the implementation.

Dashboards and Reports

• Comprehensive reports giving you insight into the status of your information security at all times;
• Dashboards to quickly and easily understand the status of information security;
  • Insight per department, or on the whole;
  • Filters and sorting;
  • Exports to Microsoft Excel or Word;
  • Analysis using pivot tables.

Asset Management

• Record hardware, software, licenses, keys and contracts;
• If applicable, issue and collection records can be kept as well as renewal / depreciation;
• Other types of assets can be added dynamically.

Supplier Selection and Assessment

• Clearly identify and test the criteria on which you select suppliers;
• Periodic assessment of suppliers based on selected criteria;
• Tracking and managing customers and other organisations.

Business Continuity Plans

• Preparing for calamities by laying down how such calamities should be dealt with and who is responsible for them;
• Regular monitoring of execution/operation of business continuity plans.

Online Support

• Direct contact with our support staff;
• Answers to questions regarding the use of Base27 but also for substantive questions regarding information security and privacy protection.

Security

• The application is continuously monitored and security updates are applied on a daily basis as needed;
• Login is based on strong passwords and two-factor authentication;
• Regular backups of the data and testing its integrity;
• Data is stored encrypted at our partner in the European Union.

Single Sign-On and Integration

• Base27 is easy to integrate within your organisation, for example by using SAML to let your employees log in to the application without having to log in again;
• REST API to link data from other sources. For example, incidents can be read from your ITSM or updates can be sent via this option.