As *** internal contact for ISO 27001, a query arose while filling out your documents.
I have tried to include information from the VDA ISA 5.0 questionnaire in your documents. In doing so, I often read about requirements that have to be determined.
Are the following requirements in your document determined and then referenced in the respective documents to be created later and implemented in a suitable manner, or where exactly are these requirements written down?
1 - Requirements for the procurement, commissioning and approval for the use of non-organizational IT services are determined
2 - Requirements and procedures for the use of confidentiality agreements when passing on sensitive information
3 - The procedures for user authentication are defined and implemented on the basis of business and security requirements.
4 - The requirements for development and test environments have been determined
5 - Measures to meet the requirements with regard to intellectual property rights and the use of software products protected by copyright (procurement and license management) are defined and implemented.
6 - Requirements from business relationships (e.g. reporting obligations to the client) are determined and implemented.
7 - Requirements for key sovereignty have been determined and met.
8 - Security-relevant requirements for information security with regard to the handling of event logs, e.g. requirements from contracts, are determined and implemented.
9 - Extended requirements for the control and administration of networks have been identified and implemented