| ISO | Sub-Control | Security Control Objective | Automated Check-Indicators |
| Organization Policy | Ensure existence of information security based on organization risk assessment criteria | Establishment of approved information security policy with control objects and commitment at individual and organization levels. | Assess security awareness and compliance at individual level for all internal and external stakeholders at given time interval Assess organization security maturity level |
| Asset Management | Management of critical assets for example their responsibility, associated owners, acceptable use and coding or labelling | Identify all assets and define its protection appropriately Allocate each asset with appropriate user and use-policy accordingly Labelling all critical asset and procedure for all management of removable media | Automatic identification of assets inventory list and associated :use-policy, information classification tags and ownership Automatic verification of connected removable media in accordance with use-policy Automated procedure for evaluating security awareness and organizational maturity level |
| Operations Security | Protection from malware, viruses and potential vulnerabilities | Protect from malware each transmission, processing and storage critical assets Record and manage all user and system logs Identify potential technical vulnerabilities | Automatic alerts for any associated malware processes or activities actively running on protected asset Automated regularly review of potential known vulnerabilities, system’s logs and user activity logs so as to check potential security warning or information |
| Incidents Management | Analytics of security incidents and weakness identified from each asset and users | Evaluates security awareness and maturity level across the organization structure Establishing learning from collected information security incidents and weakness | Automated analytic engine to analyze security weakness and incidents from each user including all assets owned by such user By use of Charts and plots demonstrate the identified analytic learning from security incidents, violations and weakness using graphs for easy interpretation without expertise |