Compliance: ISO 27001

Patch Manager Plus helps your organization comply with the ISO 27001:2013 controls. Patch Manager Plus complements annexure A.12.6.1 Management of Technical Vulnerabilities, by providing up-to-date patches for applications installed in the systems, and A.12.4.1 by maintaining logs for all events.

Requirement Number Requirement Description How Patch Manager Plus fulfills the requirement?
A.12.6.1 - Management of Technical Vulnerabilities

Information about technical vulnerabilities of information systems being used shall be obtained in a timely fashion, the organization’s exposure to such vulnerabilities evaluated and appropriate measures taken to address the associated risk.

Patch Manager Plus keeps updating about the vulnerabilities in applications and detects the missing patches/hotfix. IT admins can deploy the patches or perform automatic patch installation, which ensures that systems are secured.

Also, Patch Manager Plus reports on system vulnerabilities, Patches, OS, etc. and provides an update of the patch deployment status.

A.12.4.1 - Event Logging Event logs recording user activities, exceptions, faults and information security events need to be produced, kept and reviewed regularly.

Patch Manager Plus enables role-based administration, and logs every action performed by all the users along with date and time. The logs will be maintained for a specified number of days which can be configured.

Patch Manager Plus enables administrator to review the changes done by all the users. The view can also be filtered user-wise and module-wise for easier analysis.

For more details about ISO 27001, check out Zoho's compliance document.