Standard of Good Practice for Information Security
The ISF Standard of Good Practice for Information Security (SOGP) is the leading authority on information security.
SOGP presents business-orientated information security topics with practical and trusted implementation-level guidance.
Covering a wide range of information security topics that are relevant for current and emerging threats, technology and risks, its broad scope and extensive guidance enable organisations to integrate up-to-date good practice with their business processes, information security programme, risk management, and compliance arrangements.
Designed for risk management specialists, information security managers and security practitioners, SOGP helps organisations to:
- be agile when exploiting new opportunities, whilst managing the associated risk
- respond to rapidly evolving threats to reduce the risk of costly incidents, operational impact and potential damage to brand and reputation
- identify regulatory and compliance requirements, and plan how best to meet them.
SOGP is aligned with a wide variety of external standards and frameworks, including ISO/IEC 27002, NIST Cybersecurity Framework, and the CSA Cloud Control Matrix, enabling organisations to consolidate compliance activities in a single, unified approach.
Deliver resilience
Respond rapidly to mounting threats with a ready-made framework of security controls.
Ensure compliance
Work towards certification of compliance in an efficient, cost-effective manner.
Assess information risk
Deliver comprehensive, consistent protection in line with your organisation’s risk appetite.
Harmonise policies
Greatly reduce the time and effort required to produce information security policies and procedures.
Manage supply chains
Incorporate your supply chain into a risk-based approach to information security.
Raise awareness
Increase the profile of information security across the business.
Already an ISF Member?
If you are already a part of the ISF community, head to ISF Live for access to all the relevant materials required to implement the SOGP, the SOGP WebApp, and a network of over 25,000 information security professionals.