Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Part A: Control Objectives and Controls as per ISO/IEC 27001:2013 Annex A (A.5 to A.18)
A.5 Information security policies
A.5.1 Management direction for information security
Control Objective: To provide management direction and support for information security in accordance with business requirements and relevant laws and
regulations.
Selected Currently
If selected, reason(s) for If not selected, give
Ref. Item Control implemented
Y/N selection justification for exclusion
Y/N
A.5.1.1 Policies for information A set of policies for information security shall be
security defined, approved by management, published and
communicated to employees and relevant external
parties.
A.5.1.2 Review of the policies The policies for information security shall be
for information security reviewed at planned intervals or if significant
changes occur to ensure their continuing suitability,
adequacy and effectiveness.
Selected Currently
If selected, reason(s) for If not selected, give
Ref. Item Control implemented
Y/N selection justification for exclusion
Y/N
A.10 Cryptography
A.10.1 Cryptographic controls
Control Objective: To ensure proper and effective use of cryptography to protect the confidentiality, authenticity and/or integrity of information.
Selected Currently
If selected, reason(s) for If not selected, give
Ref. Item Control implemented
Y/N selection justification for exclusion
Y/N
A.10.1.1 Policy on the use of A policy on the use of cryptographic controls for
cryptographic controls protection of information shall be developed and
A.11.2 Equipment
Control Objective: To prevent loss, damage, theft or compromise of assets and interruption to the organization’s operations.
Ref. Item Control Selected If selected, reason(s) for Currently If not selected, give
A.12.3 Backup
Control Objective: To protect against loss of data.
Selected Currently
If selected, reason(s) for If not selected, give
Ref. Item Control implemented
Y/N selection justification for exclusion
Y/N
A.12.3.1 Information backup Backup copies of information, software and system
images shall be taken and tested regularly in
accordance with an agreed backup policy.
A.17.2 Redundancies
Control Objective: To ensure availability of information processing facilities.
Selected Currently
If selected, reason(s) for If not selected, give
Ref. Item Control implemented
Y/N selection justification for exclusion
Y/N
A.17.2.1 Availability of Information processing facilities shall be
information processing implemented with redundancy sufficient to meet
facilities availability requirements.
Currently
Ref. Item Control Reason(s) for selection
implemented Y/N
B.1.1
Date