10.8.5 Business Information systems
Assign topic to the user
Kaoutar,
Control A.10.8.5 "Business Information Systems" existed in the old 2005 revision of ISO 27001 / ISO 27002, it does not exist any more in the 2013 revision of ISO 27001/27002.
All the requirements for transfer of information are now covered in the section A.13.2 called "Information transfer". To cover these requirements, you should prepare a policy which defines basic rules for exchanging the information with third parties, and then sign agreements with them which are compliant with your policy.
For example, see this Information Transfer Policy template: https://advisera.com/27001academy/documentation/information-transfer-policy/
Comment as guest or Sign in
Jan 12, 2016