Data leakage prevention

Control A.8.12 Data leakage prevention is covered in the following documents of the toolkit, located in folder 09 Annex A Security Controls:

• Information Classification Policy, sections 3.4 Handling classified information, and 3.5 Handing data exposure
• Security Procedures for IT Department, sections 3.4 Network security management and 3.9 System monitoring
• IT Security Policy, section 3.14 Internet use

For further information, see:

• Detailed explanation of 11 new security controls in ISO 27001:2022 https://advisera.com/27001academy/explanation-of-11-new-iso-27001-2022-controls/

Thank you for your quick support. Since we have not the option to introduce a dedicated dlp solution I was looking for a more concept like document / process description in a dedicated document.

Unfortunately, such a template is not available. ISO 27001 does not require a specific document for data loss prevention, and it is not a commonly used document.

For the development of such a document, we suggest you consider the following topics:

• definition of responsibilities for data leakage prevention
• definition of steps for data leakage prevention
• definition of which type of information requires the application of data leakage prevention measures
• definition of technologies to be implemented for data leakage prevention
• definition of acceptable behavior for users regarding Internet use

Considering this suggestion, you can use the highlighted sections mentioned in the documents in the first answer to start your document.