
Control Objectives and Controls

In addition to the clauses of the standard, the following are the minimum control objectives and controls in ISO 27001, and they align directly with those in ISO 17799. Minimally, these objectives and controls shall be a part of the ISMS. Additional objectives and controls may be necessary, depending on the organization’s requirements.
A.5 Information Security

- Information security policy

A.6 Organization of Information Security

- Internal organization
- External parties

A.7 Asset Management

- Responsibility for assets
- Information classification

A.8 Human Resources Security

- Prior to employment
- During employment
- Termination or change of employment

A.9 Physical and Environmental Security

- Secure areas
- Equipment security

A.10 Communications and Operations Management

- Operational procedures and responsibilities
- Third party service delivery management
- System planning and acceptance
- Protection against malicious and mobile code
- Back-up
- Network security management
- Media handling
- Exchange of information
- Electronic commerce services
- Monitoring

A.11 Access Control

- Business requirements for access control
- User access management
- User responsibilities
- Network access control
- Operating system access control
- Application and information access and control
- Mobile computing and tele-working

A.12 Information Systems Acquisition, Development, and Maintenance

- Security requirements of information systems
- Correct processing in applications
- Cryptographic controls
- Security of system files
- Security in development and support processes
- Technical vulnerability management

A.13 Information Security Incident Management

- Reporting information security events and weaknesses
- Management of information security incidents and improvement

A.14 Business Continuity Management

- Information security aspects of business continuity mgmt.

A.15 Compliance

- Compliance with legal requirements
- Compliance with security policies and standards, and technical compliance
- Information systems audit consideration

 
Copyright © 2004 | ACAR Quality Consulting Ltd  