The ISF's Benchmark tool provides in-depth and high-level assessments of your organisation’s security arrangements.

The ISF’s Benchmark as a Service is a business essential to help organisations manage and control information risk throughout their enterprise. This unrivalled tool provides in-depth and high-level assessments of your organisation’s security arrangements. The Benchmark is based on the ISF Standard of Good Practice for Information Security (the Standard).

Benchmark results are available in real time – as soon as you submit your data you can view results and begin your analysis and peer comparisons. This confidential initiative allows you to compare your performance against similar anonymised organisations around the world, as well as against seven internationally recognized standards:

  • ISF Standard of Good Practice for Information Security
  • NIST Cybersecurity Framework
  • The SANS Top 20 Critical Security Controls for Effective Cyber Defense
  • Payment Card Industry Data Security Standard (PCI DSS) version 3.1
  • ISO/IEC 27002: 2013
  • COBIT 5 for Information Security
  • ISO/IEC 27002: 2005

The Benchmark will help you to answer the following questions:

  • How does my organisation’s security incidents and controls compare to my peers?
  • Have I got a clear and up-to-date view of my strengths and weaknesses in the face of ever-changing threats?
  • Am I compliant with my own standards and policies, as well as industry standards and legislations?
  • Do I have objective data to back up the business cases for my security initiatives?

Implementing Benchmark as a Service

Benchmark as a Service with analyst support is available on a 3 or 12 month contract for unlimited use across your business.

All Benchmark as a Service users will receive a set of guidance documents to help them through the phases of using the online Benchmark tool and Benchmark Service.

This service is available to both ISF Members and non-member organisations.

For more information on Benchmark as a Service