Can anyone let me know how to generate a 27001 compliance report?
Reporting is based on policies in the PC service so you will need to have an ISO 27001 policy created to facilitate the report.
An ISO 27001 based configuration policy can be built in the PC service but since there is not currently a prebuilt template in the policy library, the ISO policy will need to be constructed using the policy editor. You may be able to repurpose some of the Center for Internet Security (CIS)-based policies already in the policy library since you can edit them. That would probably be the fastest way.
While ISO 27001/2 is more prescriptive on audit checklists for IT secure configurations versus the regulatory layer such as Sarbanes-Oxley or Basel II/III, which require another framework (COBIT/COSO/ISO) to interpret and organize the compliance processes, the ISO 27001 requirements were not as granular as the detail the CIS frameworks provided. This is why much of the initial PC control content was based on CIS benchmark criteria. CIS has benchmark requirements down to the technology and, more importantly, the technology version for configuration auditing.
Also, because of the interpretive nature of these frameworks, we see that the same regulation or framework may result in very different configuration policies from customer to customer. So, rather than build a single policy, we opted to build a flexible policy editor that allows customers to pick controls from a library and edit the control's expected configuration values to model their existing configuration criteria.
To build an ISO 27001 based policy, you can leverage one of several methods. Here are a few methodologies I use:
I often use all three techniques in the policy creation process.
Over the last few weeks, Qualys has been including some prebuilt CIS policy templates, starting with Windows. This may assist with your efforts since almost all of these controls are related to ISO 27001 guidance.
It may be beneficial to contact your TAM to schedule a WebEx overview of the policy compliance service to help with this task as well.