Database Reference
• Clause A7 Asset Management
• Clause A8 Human Resources Security
• Clause A9 Physical and Environmental Security
• Clause A10 Communications and operations management
• Clause A11 Access Control
• Clause A12 Information System acquisition, development and maintenance
• Clause A13 Information security incident management
• Clause A14 Business continuity management
• Clause A15 Compliance
While listing all of the controls would change the nature and utility of this topic,
we have given you a sample here so that you can see how they fit into the
GRC Applications.
Clause    Control Description
A5        Information Security Policy
A6        Organization of Information Security
A6.1      Internal Organization: To provide management direction and support for information security in accordance with business requirements and relevant laws and regulations
A6.1.1    Management commitment to Information Security
A6.1.2    Information Security coordination
A6.1.3    Allocation of Information Security Responsibilities
A6.1.4    Authorization process for information processing facilities
A6.1.5    Confidentiality Agreements
A6.1.6    Contact with Authorities
A6.1.7    Contact with Special Interest Groups
A6.1.8    Independent review of Information Security
A6.2      External Parties: To maintain the security of organizational information processing facilities and information assets accessed, processed, communicated to, or managed by external parties.
A6.2.1    Assessment of risks related to external parties
A6.2.2    Addressing security when dealing with customers
A6.2.3    Addressing security in third-party agreements
A7        Asset management
A7.1      Responsibility for Assets: To achieve and maintain appropriate protection of organizational assets