A.5.1.1 | Policies for information security | A set of policies for information security shall be defined, approved by management, published and communicated to employees and relevant external parties. |
A.5.1.2 | Review of the policies for information security | The policies for information security shall be reviewed at planned intervals or if significant changes occur to ensure their continuing suitability, adequacy and effectiveness. |
A.6.1.1 | Information security roles and responsibilities | All information security responsibilities shall be defined and allocated. |
A.6.1.2 | Segregation of duties | Conflicting duties and areas of responsibility shall be segregated to reduce opportunities for unauthorized or unintentional modification or misuse of the organization’s assets. |
A.6.1.3 | Contact with authorities | Appropriate contacts with relevant authorities shall be maintained. |
A.6.1.4 | Contact with special interest groups | Appropriate contacts with special interest groups or other specialist security forums and professional associations shall be maintained. |
A.6.1.5 | Information security in project management | Information security shall be addressed in project management, regardless of the type of the project. |
A.6.2.1 | Mobile device policy | A policy and supporting security measures shall be adopted to manage the risks introduced by using mobile devices. |
A.6.2.2 | Teleworking | A policy and supporting security measures shall be implemented to protect information accessed, processed or stored at teleworking sites. |
A.7.1 | Prior to employment |
A.7.1.2 | Terms and conditions of employment | The contractual agreements with employees and contractors shall state their and the organization’s responsibilities for information security. |
A.7.2.1 | Management responsibilities | Management shall require all employees and contractors to apply information security in accordance with the established policies and procedures of the organization. |
A.7.2.2 | Information security awareness, education and training | All employees of the organization and, where relevant, contractors shall receive appropriate awareness education and training and regular updates in organizational policies and procedures, as relevant for their job function. |
A.7.2.3 | Disciplinary process | There shall be a formal and communicated disciplinary process in place to take action against employees who have committed an information security breach. |
A.7.3.1 | Termination or change of employment responsibilities | Information security responsibilities and duties that remain valid after termination or change of employment shall be defined, communicated to the employee or contractor and enforced. |
A.8.1.1 | Inventory of assets | Assets associated with information and information processing facilities shall be identified and an inventory of these assets shall be drawn up and maintained. |
A.8.1.2 | Ownership of assets | Assets maintained in the inventory shall be owned. |
A.8.1.3 | Acceptable use of assets | Rules for the acceptable use of information and of assets associated with information and information processing facilities shall be identified, documented and implemented. |
A.8.1.4 | Return of assets | All employees and external party users shall return all of the organizational assets in their possession upon termination of their employment, contract or agreement. |
A.8.2.1 | Classification of information | Information shall be classified in terms of legal requirements, value, criticality and sensitivity to unauthorised disclosure or modification. |
A.8.2.2 | Labelling of information | An appropriate set of procedures for information labelling shall be developed and implemented in accordance with the information classification scheme adopted by the organization. |
A.8.2.3 | Handling of assets | Procedures for handling assets shall be developed and implemented in accordance with the information classification scheme adopted by the organization. |
© 2019 The Document Warehouse UK Ltd