Ohh! very nice
8:22 a.m.
Your business has established a process to identify, assess and manage information security risks. Your business ensures information security risks are assessed and appropriately managed. | |
Senior management has approved and published an appropriate information security policy.Your business provides management direction and support for information security in accordance with business needs and relevant laws and regulations. | |
Your business has defined and allocated information security responsibilities. Your business has established a management framework to coordinate and review the implementation of information security. | |
Your business has established written agreements with third party service providers that include appropriate information security conditions. Your business ensures the protection of personal data that is accessed by suppliers and providers. | |
Your business has established a process to report and recover from data security breaches. Your business ensures the management of data security breaches, including communication of information security events and weaknesses. | |
Your business has established regular information security awareness training for all staff. Your business ensures that employees and contractors are aware of and fulfil their information security responsibilities. | |
Your business has established entry controls to restrict access to premises and equipment on a need-to-know basis. Your business prevents unauthorised physical access, damage and interference to personal data. | |
Your business has established secure storage arrangements to protect records and equipment. Your business prevents loss, damage, theft or compromise of personal data. | |
Your business has sought prior written authorisation from the data controller before engaging the services of a sub-processor. | |
Your business has established a process to securely dispose of records and equipment when no longer required. | |
Your business has established a mobile working policy. Your business ensures the security of mobile working and the use of mobile computing devices. | |
Your business has established a process to configure new and existing hardware to reduce vulnerabilities and provide only the functionality and services required. | |
Your business has established controls to manage the use of removable media. Your business prevents unauthorised disclosure, modification, removal or destruction of personal data stored on media.. | |
Your business has established a process to assign user accounts to authorised individuals, and to manage user accounts effectively to provide the minimum access to information. Your business limits access to personal data held in information systems. | |
Your business has established appropriate password security procedures and 'rules' for information systems and has a process in place to detect any unauthorised access or anomalous use. | |
Your business has established effective anti-malware defences to protect computers from malware infection. Your business ensures that personal data is protected against malware. | |
Your business has established a process to log and monitor user and system activity to identify and help prevent data breaches. Your business records events and generates evidence. | |
Your business has established a process to ensure software is kept up-to-date and the latest security patches are applied. Your business prevents the exploitation of technical vulnerabilities. | |
Your business has established boundary firewalls to protect computers from external attack and exploitation. Your business ensures the protection of personal data in networks. |
© 2019 The Document Warehouse UK Ltd