ISO 27001:2022 Controls document list for ISO 27001 Implementation

Published 16 Sep 2024

| Control | Document |
| --- | --- |
| 5.1 Information security policy | Policy document |
| 5.2 Organization of information security | Organization chart, job descriptions, roles and responsibilities matrix |
| 5.3 Asset management | Asset inventory, classification scheme, disposal policy |
| 5.4 Human resource security | Employment contracts, onboarding and offboarding procedures, training records, security awareness materials |
| 5.5 Access control | Access control policy, access control list, visitor management policy |
| 5.6 Security of assets | Physical security policy, security plan, security checklist |
| 5.7 Protection of systems and applications | Development and maintenance policy, change control policy |
| 5.8 Information security of communications and operations | Operations security policy, incident response plan |
| 5.9 Compliance with laws, regulations, and standards | Compliance checklist, risk assessment of compliance risks, remediation plan |
| 5.10 Information security awareness and training | Training plan, training materials, training records |
| 5.11 Internal audit | Internal audit plan, audit reports |
| 5.12 Management review | Management review minutes, action items |
| 5.13 Corrective action | Corrective action plan, action items |
| 5.14 Improvement | Improvement plan, action items |
| 6.1 Risk assessment | Risk assessment methodology, risk assessment report |
| 6.2 Risk treatment | Risk treatment plan, action items |
| 6.3 Security incident management | Incident response plan, incident response procedures |
| 6.4 Business continuity management | Business continuity plan, disaster recovery plan |
| 6.5 Supplier relationships | Supplier security policy, supplier risk assessment |
| 6.6 Outsourcing | Outsourcing contract, security requirements for outsourced services |
| 8.1 Information security management system (ISMS) | ISMS policy, ISMS plan, ISMS documentation |
| 8.2 Information security risk assessment | Risk assessment methodology, risk assessment report |
| 8.3 Information security risk treatment | Risk treatment plan, action items |
| 8.4 Security controls | Control implementation plan, control assessment report |
| 8.5 Security awareness and training | Training plan, training materials, training records |
| 8.6 Security incident management | Incident response plan, incident response procedures |
| 8.7 Information security aspects of business continuity | Business continuity plan, disaster recovery plan |
| 8.8 Information security aspects of supplier relationships | Supplier security policy, supplier risk assessment |
| 8.9 Information security aspects of outsourcing | Outsourcing contract, security requirements for outsourced services |
| 8.10 Cryptography | Cryptography policy, key management policy |
| 8.11 Security of network and communications infrastructure | Network security policy, firewall policy, intrusion detection system policy |
| 8.12 Security of systems and applications | Application security policy, configuration management policy |
| 8.13 Security of data | Data classification policy, data retention policy |
| 8.14 Security of disposal | Disposal policy, data destruction policy |
