Standard of Good Practice for Information Security

risk, emerging threats, technology, governance, supply chain, cloud, compliance, people
Business-oriented information security topics with practical and trusted guidance

A comprehensive security framework that guides organisations to better cyber security

The Standard of Good Practice for Information Security (SOGP) presents business-oriented information security topics with practical and trusted guidance, helping organisations deliver up-to-date good practice that can be integrated into their business processes, information security programme and policy, risk management and compliance arrangements.

Designed for risk management specialists, information security managers and security practitioners, SOGP helps organisations:

  • be agile when exploiting new opportunities whilst managing the associated risk
  • respond to rapidly evolving threats, avoiding costly incidents, operational impacts and reputational damage
  • identify and meet regulatory and compliance requirements.

SOGP is aligned with a wide variety of external standards and frameworks, including ISO/IEC 27002, the NIST Cybersecurity Framework and the CSA Cloud Controls Matrix, enabling organisations to consolidate compliance activities in a single, unified approach.

Deliver resilience

Respond rapidly to mounting threats with a ready-made framework of security controls.

Ensure compliance

Work towards certification of compliance in an efficient, cost-effective manner.

Assess information risk

Deliver comprehensive, consistent protection in line with your organisation’s risk appetite.

Harmonise policies

Greatly reduce the time and effort required to produce information security policies and procedures.

Manage supply chains

Incorporate your supply chain into a risk-based approach to information security.

Raise awareness

Increase the profile of information security across the business.

SOGP cross reference to the CSA Cloud Controls Matrix v4

Find out how the partnership between the ISF and Cloud Security Alliance (CSA) has led to a mapping of the SOGP to the Cloud Controls Matrix (CCM) - supporting the deployment of effective controls across your organisation's cloud environments.