ISO 27001:2013

ISO 27001 is an international standard published by the International Standardization Organization (ISO), and it describes how to manage information security in a company. The latest revision of this standard was published in 2013, and its full title is now ISO/IEC 27001:2013.

ISO 27001 standard helps organizations' manage the security of sensitive assets such as financial data, intellectual property, employee records, customer data, and other sensitive information. It mandates that enterprises enforce information security, thereby reducing the possible risk of data thefts and breaches.

Mobile Device Manager Plus supports the following security measures- A.6.2.1 to support security measures adopted to manage risks introduced by Mobile Devices. A.8.1.1, A.8.1.2 and A.8.1.3 controls help organizations to manage assets and keep the IT updated with the latest information and generate evidence. Mobile Device Manager Plus also fulfills the controls A.12.5.1 and A.12.6.2 that ensure the installation of software on operational systems.

How does Mobile Device Manager Plus ensure compliance?

The following list of features provided by Mobile Device Manager Plus that allow organizations to be compliant.

Requirement Requirement Description How Mobile Device Manager Plus achieves it?
A.6.2.1 - Mobile device policy

A policy and supporting security measures shall be adopted to manage the risks introduced by using mobile devices.

Mobile Device Manager Plus allows admins to configure and secure their mobile devices using profile management.

Mobile Device Manager Plus provides selective access to corporate accounts like E-mail, Wi-Fi, VPN on managed mobile devices. It also lets admins configure stringent passcode settings on the devices.

A.8.1.1 - Inventory of assets Control assets associated with information and information processing facilities shall be identified and an inventory of these assets shall be drawn up and maintained.

Mobile Device Manager Plus allows organizations mobile devices inside the organizations and also provides out-of-the-box network inventory reports to get the required details.

The ability to export the reports into PDF or CSV formats helps to integrate with third-party reporting engines or print it out for future reference.

A.8.1.2 - Ownership of assets(ii)

Assets maintained in the inventory shall be owned.

Mobile Device Manager Plus' inventory management lets IT admins maintain details of the devices with information such as device owner, search tag, email-id, etc.
A.8.1.3 - Acceptable use of assets

Rules for the acceptable use of information and of assets associated with information and information processing facilities shall be identified, documented and implemented.

Mobile Device Manager Plus provides reports to view the software and hardware details of the network.

The ability to export the reports into PDF or CSV formats helps to integrate with third-party reporting engines or print it out for future reference.

A.12.5.1 - Installation of software on operational Systems

Procedures shall be implemented to control the installation of software on operational systems.

Mobile Device Manager Plus' app management allows admin to remotely install, uninstall and update the apps in the devices.

Also, Mobile Device Manager Plus' facilitates the blocklisting of apps that are not required in the organization.

A12.6.2 - Restrictions on software installation Rules governing the installation of software by users shall be established and implemented.

Mobile Device Manager Plus maintains a list of apps available in the network in the inventory section.

It also allows the blocklisting of apps that are prohibited in the organization and are not required by the users.

Mobile Device Manager Plus can also be used to restrict users from installing and uninstalling apps into the devices

ISO/IEC 27001 is one of the most widely recognized independent international security standards. This certificate is awarded to organizations that comply with ISO's high global standards. ManageEngine has earned ISO/IEC 27001:2013 certification for Applications, Systems, People, Technology, and Processes.