This rule is about information security incident management, which means a company must have a system and people to handle the information security incidents. What is ISO 27001 Annex A 5.24? The latest version of the ISO 27001 standard is ISO/IEC 27001:2022 (published in October 2022). In the ISO/IEC 27001:2022 Standard the control is titled “Information Security Incident […]
This rule is about cloud supplier management, which means a company must have a system to handle the information security risks of its third party cloud systems, products and services. What is ISO 27001 Annex A 5.23? The latest version of the ISO 27001 standard is ISO/IEC 27001:2022 (published in October 2022). In the ISO/IEC 27001:2022 Standard the
ISO 27001 Annex A 5.23 – Information Security For Use Of Cloud Services Read More »
This rule is about ICT supplier management, which means a company must have a system to handle the management of its third party IT systems, products and services. What is ISO 27001 Annex A 5.22? The latest version of the ISO 27001 standard is ISO/IEC 27001:2022 (published in October 2022). In the ISO/IEC 27001:2022 Standard the control is
ISO 27001 Annex A 5.22 – Monitor, Review And Change Management Of Supplier Services Read More »
This rule is about ICT supplier management, which means a company must have a system to handle the information security risks of its third party IT systems, products and services. What is ISO 27001 Annex A 5.21? The latest version of the ISO 27001 standard is ISO/IEC 27001:2022 (published in October 2022). In the ISO/IEC 27001:2022 Standard the
ISO 27001 Annex A 5.21 – Managing Information Security In The ICT Supply Chain Read More »
ISO 27001 Annex A 5.20 is a simple rule. It says that your business must create and agree upon information security rules with all your suppliers. What Does This Mean? This rule is about putting a legal plan in place. This plan is often a formal contract, a business agreement, or set of terms. This
ISO 27001 Annex A 5.20 – Addressing Information Security Within Supplier Agreements Read More »
The ISO 27001 Annex A 5.19 rule is about managing information security when working with other companies (suppliers). This rule requires your business to handle the security risks that come from using products and services provided by these suppliers. In short, it helps you keep your supply chain secure. Suppliers are one of your biggest
ISO 27001 Annex A 5.19 – Information Security In Supplier Relationships Read More »
Access Rights are the permissions that tell a system exactly what you are allowed to do. Think of it like a key card for a building: your card might let you into the office floor, but not the server room. This rule is about making sure everyone is given only the specific rights they need
ISO 27001 Annex A 5.18 – Access Rights Read More »
Think of Authentication Information as the special keys you use to prove you are who you say you are when you access systems or data. This rule is all about managing and protecting those keys, things like your passwords, PINs, biometric data (like your fingerprint), or security tokens. Essentially, it makes sure you have a
ISO 27001 Annex A 5.17 – Authentication Information Read More »
This rule is about identity management, which means a company must have a system to handle who and what can access its information and IT systems. It covers the entire life of an identity, from when it’s created until it’s deleted. What Is Identity Management? Identity management is a way to make sure that only the
ISO 27001 Annex A 5.16 – Identity Management Read More »
ISO 27001 Annex A 5.15 is about Access Control. This rule says that an organisation must create and follow rules to control who can access information and other assets. This is based on what the business needs and what is required for security. The main goal is to let authorised people in and keep unauthorised people
ISO 27001 Annex A 5.15 – Access Control Read More »