You need to document your processes and procedures to meet the requirements of ISO 27001 Annex A 5.37. A documented operating procedure in ISO 27001 is simply a written guide that tells you exactly how to do a task securely. Think of it as a set of instructions for a particular process. This makes sure […]
ISO 27001 Annex A 5.37 – Documented Operating Procedures Read More »
You need to follow the policies, rules, and standards you have set for information security, as this is required by ISO 27001 Annex A 5.36. You must make sure that you are compliant with your information security policy, as well as any specific policies, rules, and standards you have created. You should also check these
ISO 27001 Annex A 5.35 is about how a company should independently review its information security management system to ensure it is effective, meeting it’s objectives and operating as intended. What is ISO 27001 Annex A 5.35? The latest version of the ISO 27001 standard is ISO/IEC 27001:2022 (published in October 2022). In the ISO/IEC 27001:2022 Standard
ISO 27001 Annex A 5.35 – Independent Review Of Information Security Read More »
ISO 27001 Annex A 5.34 is a control that asks you to look after personal data. This control is called “Privacy and Protection of Personally Identifiable Information.” It means you must find and then meet all the rules for this type of data. These rules include laws, things you agree to in contracts, and official
ISO 27001 Annex A 5.34 – Privacy And Protection Of PII Read More »
ISO 27001 Annex A 5.33, called Protection of Records, is a rule that asks you to keep records safe. You must protect your records based on rules from the law, government, and contracts. You also need to meet what society and the community expect. This means you must keep your records from being accessed by
ISO 27001 Annex A 5.33 – Protection Of Records Read More »
ISO 27001 Annex A 5.32 is about Intellectual Property Rights. That means you need to know and follow the rules about intellectual property that come from outside your organisation. You should put these rules into practice. These rules are things like laws, government regulations, and agreements you have made about intellectual property. The standard covers
ISO 27001 Annex A 5.32 – Intellectual Property Rights Read More »
ISO 27001 Annex A 5.31 Legal, Statutory, Regulatory and Contractual Requirements, asks you to know what outside rules and laws apply to your information security and then make sure you follow them. It specifically deals with the legal and contract rules that tell you exactly how you should handle and use information security. What is
ISO 27001 Annex A 5.31 – Legal, statutory, regulatory and contractual requirements Read More »
This rule is about ICT Readiness for Business Continuity, which means the IT team having business continuity planned, implemented and tested. What is ISO 27001 Annex A 5.30? The latest version of the ISO 27001 standard is ISO/IEC 27001:2022 (published in October 2022). In the ISO/IEC 27001:2022 Standard the control is titled “ICT Readiness For Business Continuity”. What
ISO 27001 Annex A 5.30 – ICT Readiness For Business Continuity Read More »
This rule is about ensuring that information security is maintained during a disruption, outage or business continuity event. What is ISO 27001 Annex A 5.29? The latest version of the ISO 27001 standard is ISO/IEC 27001:2022 (published in October 2022). In the ISO/IEC 27001:2022 Standard the control is titled “Information Security During Disruption”. What is the ISO 27001
ISO 27001 Annex A 5.29 – Information Security During Disruption Read More »
This rule is about collection of evidence, which means a company must have a system to handle the the collection and management of evidence from information security events. What is ISO 27001 Annex A 5.28? The latest version of the ISO 27001 standard is ISO/IEC 27001:2022 (published in October 2022). In the ISO/IEC 27001:2022 Standard the control is
ISO 27001 Annex A 5.28 – Collection Of Evidence Read More »