Control Objectives and Controls

In addition to the clauses of the standard, the following are the minimum control objectives and controls in ISO 27001; they align directly with those in ISO 17799. At a minimum, these objectives and controls shall be part of the ISMS. Additional objectives and controls may be necessary, depending on the organization's requirements.

A.5 Information Security

• Information security policy

A.6 Organization of Information Security

• Internal organization
• External parties

A.7 Asset Management

• Responsibility for assets
• Information classification

A.8 Human Resources Security

• Prior to employment
• During employment
• Termination or change of employment

A.9 Physical and Environmental Security

• Secure areas
• Equipment security

A.10 Communications and Operations Management

• Operational procedures and responsibilities
• Third party service delivery management
• System planning and acceptance
• Protection against malicious and mobile code
• Back-up
• Network security management
• Media handling
• Exchange of information
• Electronic commerce services
• Monitoring

A.11 Access Control

• Business requirements for access control
• User access management
• User responsibilities
• Network access control
• Operating system access control
• Application and information access control
• Mobile computing and teleworking

A.12 Information Systems Acquisition, Development, and Maintenance

• Security requirements of information systems
• Correct processing in applications
• Cryptographic controls
• Security of system files
• Security in development and support processes
• Technical vulnerability management

A.13 Information Security Incident Management

• Reporting information security events and weaknesses
• Management of information security incidents and improvements

A.14 Business Continuity Management

• Information security aspects of business continuity management

A.15 Compliance

• Compliance with legal requirements
• Compliance with security policies and standards, and technical compliance
• Information systems audit considerations

Copyright © 2004 | ACAR Quality Consulting Ltd