Control A.18.1.2
Working on 18.1.2 (intellectual property rights), how can we prove compliance with this control? Do we simply need to have copies of the agreements we have with each piece of software used? And be prepared to prove that we are operating within the agreed terms?
Assign topic to the user
In general terms your assumption is correct.
Please note that this control is related to compliance with legal requirements (e.g., laws, regulations, and contracts) related to intellectual property rights and the use of proprietary software.
Considering that, you need to evaluate applicable legal requirements to your company to identify what they required from you for compliance. Compliance evidence may be only a copy of terms of service, but this may also require other evidence, like log reports, or reports from independent auditors.
Comment as guest or Sign in
Nov 23, 2022