Data leakage prevention
I was wondering why there is no template for 8.12 Data leakage prevention in the toolkit.
Could you please provide any help on that topic in the context of a small company that does not have too many options to introduce a fancy tool-set to cover this new 2022 aspect?
Control A.8.12 Data leakage prevention is covered in the following documents of the toolkit, located in folder 09 Annex A Security Controls:
- Information Classification Policy, sections 3.4 Handling classified information, and 3.5 Handing data exposure
- Security Procedures for IT Department, sections 3.4 Network security management and 3.9 System monitoring
- IT Security Policy, section 3.14 Internet use
For further information, see:
- Detailed explanation of 11 new security controls in ISO 27001:2022 https://advisera.com/27001academy/explanation-of-11-new-iso-27001-2022-controls/
Thank you for your quick support. Since we do not have the option to introduce a dedicated DLP solution, I was looking for a more concept-like document / process description in a dedicated document.
Unfortunately, such a template is not available. ISO 27001 does not require a specific document for data loss prevention, and it is not a commonly used document.
For the development of such a document, we suggest you consider the following topics:
- definition of responsibilities for data leakage prevention
- definition of steps for data leakage prevention
- definition of which type of information requires the application of data leakage prevention measures
- definition of technologies to be implemented for data leakage prevention
- definition of acceptable behavior for users regarding Internet use
Considering this suggestion, you can use the highlighted sections mentioned in the documents in the first answer to start your document.
Jun 14, 2023