Checklist ref. / ISO 27001 Annex A control / Control name, followed by the checklist question(s) for that control

2.2.2 / A.6.2.2  Addressing security while dealing with customers
    Whether all identified security requirements are fulfilled before granting customers access to the organization's information or assets.

7.4.4 / A.11.4.4  Remote diagnostic and configuration port protection
    Whether physical and logical access to diagnostic ports is securely controlled, i.e. protected by a security mechanism.

(ref. missing) / (ref. missing)  (control name not captured)
    Whether groups of information services, users and information systems are segregated on networks.

8.5.5 / A.12.5.5  Outsourced software development
    Whether points such as licensing arrangements, escrow arrangements, contractual requirements for quality assurance, and testing before installation to detect Trojan code are considered.

8.6 / A.12.6  Technical vulnerability management
8.6.1 / A.12.6.1  Control of technical vulnerabilities
    Whether timely information about technical vulnerabilities of the information systems in use is obtained.
    Whether the organization's exposure to such vulnerabilities is evaluated and appropriate measures are taken to mitigate the associated risk.

Information Security Incident Management
9.1 / A.13.1  Reporting information security events and weaknesses

11.1.4 / A.15.1.4  Data protection and privacy of personal information
    Whether data protection and privacy are ensured as per relevant legislation and regulations and, if applicable, as per the contractual clauses.

11.1.5 / A.15.1.5  Prevention of misuse of information processing facilities
    Whether use of information processing facilities for any non-business or unauthorized purpose, without management approval, is treated as improper use of the facility.
    Whether a warning message is presented on the computer screen prior to log-on, and whether the user has to acknowledge the warning and react appropriately to the message on the screen to continue with the log-on process.
    Whether legal advice is taken before implementing any monitoring procedures.

11.1.6 / A.15.1.6  Regulation of cryptographic controls
    Whether cryptographic controls are used in compliance with all relevant agreements, laws and regulations.

11.2 / A.15.2  Compliance with security policies and standards, and technical compliance
11.2.1 / A.15.2.1  Compliance with security policies and standards
    Whether managers ensure that all security procedures within their area of responsibility are carried out correctly to achieve compliance with security policies and standards.
    Whether managers regularly review the information processing facilities within their area of responsibility for compliance with the appropriate security policies and procedures.

11.2.2 / A.15.2.2  Technical compliance checking
    Whether information systems are regularly checked for compliance with security implementation standards.
    Whether the technical compliance check is carried out by, or under the supervision of, competent, authorized personnel.
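The technical compliance checking questions above, and the log-on warning question under Prevention of misuse of information processing facilities, ask whether a system is checked against an implementation standard; they do not show what such a check looks like. The following is an added example, not part of the original checklist and not vendor tooling: a small Python script that parses a constructed sshd_config, compares the effective settings with an assumed baseline (the directives and allowed values in BASELINE are illustrative assumptions, Banner standing in for the log-on warning), and reports a percentage on the checklist's 0-100 status scale. All function names are this example's own.

```python
"""Technical compliance check of an SSH daemon configuration against a
baseline. Added example for the checklist: the baseline, the sample
sshd_config and every name here are assumptions made for illustration."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample sshd_config, not taken from a real host. The
# commented-out Banner line is deliberate: a naive substring search would
# count it as "Banner is set", so the checker parses effective lines only.
SAMPLE_SSHD_CONFIG = """\
# sshd_config (constructed sample)
Port 22
Protocol 2
#Banner /etc/issue.net
PermitRootLogin yes
PasswordAuthentication no
X11Forwarding no
LogLevel VERBOSE
"""

# Assumed security implementation standard: directive -> allowed values
# (lower-case). None means "must be set to something other than 'none'",
# which is how the log-on warning (Banner) requirement is expressed.
BASELINE: Dict[str, Optional[Set[str]]] = {
    "Banner": None,                   # warning shown before authentication
    "PermitRootLogin": {"no"},
    "PasswordAuthentication": {"no"},
    "X11Forwarding": {"no"},
    "LogLevel": {"verbose", "info"},
    "MaxAuthTries": {"3", "4"},
}


@dataclass
class Finding:
    directive: str
    expected: str
    actual: Optional[str]   # None when the directive is not set explicitly
    compliant: bool


def parse_sshd_config(text: str) -> Dict[str, Tuple[str, str]]:
    """Map lower-cased directive -> (directive as written, value) for the
    effective lines. sshd treats directive names case-insensitively,
    accepts 'Key value' or 'Key=value', and honours the FIRST occurrence
    of a directive, so later duplicates are ignored here as well."""
    effective: Dict[str, Tuple[str, str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"^([A-Za-z0-9]+)\s*=?\s*(.*)$", line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        effective.setdefault(key.lower(), (key, value))
    return effective


def check_compliance(config_text: str, baseline=BASELINE) -> List[Finding]:
    """Compare effective settings with the baseline. A directive that is
    not set explicitly is reported as non-compliant rather than assumed to
    take a safe default: the compiled-in default (e.g. MaxAuthTries 6) is
    exactly what a compliance check should not take on trust."""
    effective = parse_sshd_config(config_text)
    findings: List[Finding] = []
    for directive, allowed in baseline.items():
        entry = effective.get(directive.lower())
        actual = entry[1] if entry else None
        if allowed is None:
            ok = actual is not None and actual.lower() != "none"
            expected = "set (any banner file)"
        else:
            ok = actual is not None and actual.lower() in allowed
            expected = " or ".join(sorted(allowed))
        findings.append(Finding(directive, expected, actual, ok))
    return findings


def status_percent(findings: List[Finding]) -> int:
    """Share of baseline checks passed, on the checklist's 0-100 scale."""
    if not findings:
        return 0
    return round(100 * sum(f.compliant for f in findings) / len(findings))


if __name__ == "__main__":
    results = check_compliance(SAMPLE_SSHD_CONFIG)
    for f in results:
        mark = "PASS" if f.compliant else "FAIL"
        print(f"{mark} {f.directive}: expected {f.expected}, actual {f.actual!r}")
    print(f"Status (%): {status_percent(results)}")
```

Run against the constructed sample, three of the six checks pass (the commented-out Banner, PermitRootLogin yes and the unset MaxAuthTries fail), so the script reports a status of 50. The evidence a reviewer would paste into the "Findings" column is the per-directive line, not the percentage.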
11.3 / A.15.3  Information systems audit considerations
11.3.1 / A.15.3.1  Information systems audit controls
    Whether audit requirements and activities involving checks on operational systems are carefully planned and agreed to minimise the risk of disruption to business processes.
Results
[Chart: "Compliance per Domain", Status (%) plotted per Domain. All values in this unfilled template are 0%.]
    Security Policy: 0%
    Organization of Information Security: Internal Organization 0%; External Parties 0%
    Asset Management: 0%
    Human resources security: Prior to Employment 0%; During Employment 0%; Termination or change of employment 0%
    Physical and Environmental security: Secure Areas 0%; Equipment Security 0%
    Access Control: 0%
ISO 27001 Compliance Checklist

Conditional formatting has been provided on the "Compliance checklist" sheet under the "Status (%)" fi
    1 to 25
    26 to 75
    76 to 100

In the "Findings" field, fill in the evidence that you saw and your thoughts on the implementation.
In the "Status (%)" field, fill in the compliance level on the scale mentioned above.
If any of the controls is not applicable, put in "NA" or anything that denotes that the particular control is not applicable to the organization.