Guest
Mandatory docs
*** are getting ready for their internal audit, and they are asking about some mandatory documents, which I also can’t find on the platform.
Please advise how we can generate the following ones:
Definition of security roles and responsibilities (clauses A.7.1.2 and A.13.2.4)
Acceptable use of assets (clause A.8.1.3)
Secure system engineering principles (clause A.14.2.5)
Business continuity procedures (clause A.17.1.2)
Logs of user activities, exceptions, and security events (clauses A.12.4.1 and A.12.4.3)
Expert
Rhand Leal
May 12, 2022
This information can be located as follows:
- Definition of security roles and responsibilities (clauses A.7.1.2 and A.13.2.4): security roles and responsibilities are defined alongside all documents implemented for the ISMS. You can see a summary of this information by accessing the “Responsibility Matrix” link in the left side panel of Conformio Screen.
- Acceptable use of assets (clause A.8.1.3): this control is implemented by means of the IT Security Policy
- Secure system engineering principles (clause A.14.2.5): this control is implemented by means of the Secure Development Policy
- Business continuity procedures (clause A.17.1.2): this control is implemented by means of the Disaster Recovery Plan document
- Logs of user activities, exceptions, and security events (clauses A.12.4.1 and A.12.4.3): logs are generated and stored in the information systems in which the organization configures them (these records need to be uploaded manually to Conformio if you want to access them through the platform). Security events can be found in the Incident Register Module.