Knights Inc.
Statement of Applicability
ISO 27001 : 2013
DOCUMENT CONTROL
Revision History
Clause | Controls | Applicable (Yes/No) | Justification | If yes give Reference Document
A.11.2 Equipment
A.11.2.1 | Equipment siting and protection | Yes | As a result of risk assessment | Physical and environmental security Policy and Procedure
A.11.2.2 | Supporting utilities | Yes | As a result of risk assessment | Physical and environmental security Policy and Procedure
A.11.2.3 | Cabling security | Yes | As a result of risk assessment | Physical and environmental security Policy and Procedure; Cabling security procedure and patch list
A.11.2.4 | Equipment maintenance | Yes | Need to ensure availability of all information processing equipment. | Physical and environmental security Policy and Procedure; Daily equipment monitoring records and maintenance records; Equipment repair / servicing records; Equipment Insurance documents
A.11.2.5 | Removal of assets | Yes | Protection of all information processing assets to safeguard information. | Physical and environmental security Policy and Procedure; Gate pass
A.11.2.6 | Security of equipment and assets off-premises | Yes | As a result of risk assessment | Physical and environmental security Policy and Procedure; Equipment Insurance documents
A.11.2.7 | Secure disposal or re-use of equipment | Yes | As a result of risk assessment | Physical and environmental security Policy and Procedure
A.11.2.8 | Unattended user equipment | Yes | As a result of risk assessment | Physical and environmental security policy
A.11.2.9 | Clear desk and clear screen policy | Yes | As a result of risk assessment | Physical and environmental security policy
A.12 Operations security
A.12.1 Operational procedures and responsibilities
A.12.1.1 | Documented operating procedures | Yes | As a result of risk assessment | Documented operating procedures
A.12.1.2 | Change management | Yes | As a result of risk assessment | Operations management and Change control policy and procedure; Change management records; Physical security procedure
A.12.1.3 | Capacity management | Yes | As a result of risk assessment | Record of capacity planning
A.12.6.2 | Restrictions on software installation
A.12.7 Information systems audit considerations
A.12.7.1 | Information systems audit controls | Yes | As a result of risk assessment | Information security audit procedure
A.13.2.1 | Information transfer policies and procedures | Yes | As a result of risk assessment | Email policy and procedure
A.13.2.2 | Agreements on information transfer | Yes | Contractual requirement | Third party agreements
A.13.2.3 | Electronic messaging | Yes | As a result of risk assessment | Email policy and procedure
A.13.2.4 | Confidentiality or nondisclosure agreements | Yes | As a result of risk assessment | Terms and conditions of employment attached with Appointment Letter; Non-Disclosure Agreements signed with personnel handling very sensitive information
applications with other
service providers
A.17.2 Redundancies
A.17.2.1 | Availability of information processing facilities | Yes | <BLANK – NO JUSTIFICATION> | <BLANK – NO JUSTIFICATION>
A.18 Compliance
A.18.1 Compliance with legal and contractual requirements
A.18.1.1 | Identification of applicable legislation and contractual requirements | Yes | Legal requirement | List of applicable legislations
A.18.1.2 | Intellectual property rights | Yes | Legal requirement | IPR and Data protection policy; Software licenses; Audit reports
A.18.1.3 | Protection of records | Yes | Statutory requirement | Information classification procedure; Information labelling and handling procedure; List of record categories, retention periods etc.
A.18.1.4 | Privacy and protection of personally identifiable information | Yes | Legal requirement as per Data Protection Law and SOX | IPR and Data protection policy
A.18.1.5 | Regulation of cryptographic controls | Yes | Cryptographic controls process | Standard SSL certificates used