Get 2 Documentation Toolkits for the price of 1
Limited-time offer – ends March 28, 2024

Expert Advice Community

Guest

Document references

  Quote
Guest
Guest user Created:   Nov 19, 2021 Last commented:   Nov 19, 2021

Document references

we are currently working on a certification for TISAX and are using your documents. We are at the point: To what extent are event logs recorded and analyzed? The reference documents: Reference to ISO 27001: A.12.4.1, A.12.4.2, A.12.4.3 Unfortunately, these documents are not included in our package. Are there any documents for this? The same applies to the documents: Reference to ISO 27001: A.12.6 Reference to ISO 27001: A12.7, A.18.2.3 Excited for your feedback

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Nov 19, 2021

Controls A.12.4.1 Event logging, and A.12.4.3 Administrator and operator logs are covered by template Security Procedures for IT Department (section 3.7 System monitoring), located in folder 08 Annex A Security Controls >> A.12 Operations Security.

Control A.12.4.2 Protection of log information is a technical control, which means its implementation is performed directly in the systems, not in the documentation.

For further information, see:

Regarding controls from section A.12.6 Technical vulnerability management, control A.12.6.2 Restrictions on software installation is covered by template IT Security Policy, located in folder 08 Annex A Security Controls >> A.8 Asset Management

Control A.12.6.1 Management of technical vulnerabilities is more of a technical control, which means its implementation is performed directly in the systems, not in the documentation.

For further information, see:

Regarding control from section A.12.7 Information systems audit considerations, and control A.18.2.3 Technical compliance review, they are implemented by means of the Internal Audit Procedure, located in folder 10 Internal Audit, during the audit planning phase.

For further information, see:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Nov 19, 2021

Nov 19, 2021