On-line transactions
Answer:
1. Transactions (e.g. financial) are one of the types of services, but the standard does not focus on them. One may of course only think about that, but why narrow the scope of application services and forget issues? I don't think any list will be exhaustive.
Other transactions can be any direct exchange of data, such as credentials for requesting access to a distant system, answers to an on-line poll or survey, uploading files to a cloud server, etc.
2. However, ISO 27001:2013 (and ISO 27002:2013 that provides the details of Annex A) doesn't speak about this anymore and largely widens the scope of this control. It relates to all kinds of applications and services that pass over the public service.
Please remember that the title of the clause is System acquisition, development and maintenance.
Some examples of application services: Games, Streaming videos, E-learning, On-line registration and acquisitions, Telephony services, Establishing and managing a radio communication between a control tower and an aircraft.
Best regards
Jean-Luc
Jan 12, 2016