| ISO 27001 CONTROL | IMPLEMENTATION PHASES | TASKS | IN COMPLIANCE? (YES / NO / UNKNOWN) | NOTES |
|---|---|---|---|---|
| 5.1.1 | Policies for information security | All policies approved by management? Evidence of compliance? | | |
| 6.1.5 | Information security in project management | Evidence of information security in project management? | | |
| 8.3.3 | Physical media transfer | Defined policy for physical media transfer? | | |
| 9 | Access control | | | |
| 9.4.4 | Use of privileged utility programs | Defined policy for use of privileged utility programs? | | |
| 9.4.5 | Access control to program source code | Defined policy for access control to program source code? | | |
| 10 | Cryptography | | | |
| 10.1.2 | Key management | Defined policy for key management? | | |
| 11.2.8 | Unattended user equipment | Defined policy for unattended user equipment? | | |
| 11.2.9 | Clear desk and clear screen policy | Defined policy for clear desk and clear screen policy? | | |
| 12 | Operations security | | | |
| 12.7 | Information systems audit considerations | | | |
| 13 | Communication security | | | |
| 13.2.4 | Confidentiality or non-disclosure agreements | Defined policy for confidentiality or non-disclosure agreements? | | |
| 15 | Supplier relationships | | | |
| 16.1.1 | Information security management | Defined policy for information security management? | | |
| 18 | Compliance | | | |
DISCLAIMER
Any articles, templates, or information provided by Smartsheet on the website are for reference only. While we strive
to keep the information up to date and correct, we make no representations or warranties of any kind, express or
implied, about the completeness, accuracy, reliability, suitability, or availability with respect to the website or the
information, articles, templates, or related graphics contained on the website. Any reliance you place on such
information is therefore strictly at your own risk.