return to tools
Tool

Standard of Good Practice for Information Security

riskemerging threatstechnologygovernancesupply chaincloudcompliancepeople
Array
Your comprehensive security framework
Download the executive summary

The ISF Standard of Good Practice for Information Security (SOGP) is the leading authority on information security.

SOGP presents business-orientated information security topics with practical and trusted implementation-level guidance.

Covering a wide range of information security topics that are relevant for current and emerging threats, technology and risks, its broad scope and extensive guidance enables organisations to integrate up-to-date good practice with their business processes, information security programme, risk management, and compliance arrangements.

Designed for risk management specialists, information security managers and security practitioners, SOGP helps organisations to:

  • be agile when exploiting new opportunities, whilst managing the associated risk
  • respond to rapidly evolving threats to reduce the risk of costly incidents, operational impact and potential damage to brand and reputation
  • identify regulatory and compliance requirements, and plan how best to meet them.

SOGP is aligned with a wide variety of external standards and frameworks, including ISO/IEC 27002, NIST Cybersecurity Framework, and the CSA Cloud Control Matrix, enabling organisations to consolidate compliance activities in a single, unified approach.

Deliver resilience

Respond rapidly to mounting threats with a ready-made framework of security controls.

Ensure compliance

Work towards certification of compliance in an efficient, cost-effective manner.

Assess information risk

Deliver comprehensive, consistent protection in line with your organisation’s risk appetite.

Harmonise policies

Greatly reduce the time and effort required to produce information security policies and procedures.

Manage supply chains

Incorporate your supply chain into a risk-based approach to information security.

Raise awareness

Increase the profile of information security across the business.

Already an ISF Member?

If you are already a part of the ISF community, head to ISF Live for access to all the relevant materials required to implement the SOGP, the SOGP WebApp, and a network of over 25,000 information security professionals.

Login to ISF Live

SUPPORTING CONTENT

Array
event

Using the SOGP and CCM for Multi-Cloud Security

A webinar exploring how the cross reference can help security practitioners deploy effective controls over their multi-cloud environments.

Location Online
Watch on-demand on Using the SOGP and CCM for Multi-Cloud Security
Array
service

Controls, Policies and Standards Support

Develop, validate and improve your security controls and policies to create standards that staff across the business can easily follow.

GET IN TOUCH on Controls, Policies and Standards Support
Array
video

Standard of Good Practice in Bitesize

Gain a comprehensive view of how ISF can support you in building a strong foundation for business resilience.

Watch now on Standard of Good Practice in Bitesize