Register of Requirements
Underneath the register of requirements where I am asked if I am compliant with the Computer Misuse Act am I expected to have a policy or do I read and agree to the terms?
Assign topic to the user
By checking that you are compliant with the Computer Misuse Act, you state that you have implemented all the controls defined as necessary to fulfill the Act’s requirements (secure computer material against unauthorized access or modification, and for connected purposes).
Considering that, you need to identify in the Statement of Applicability which controls are related to the Computer Misuse Act, and ensure they are implemented (these controls may refer to documents, facilities, and/or technologies).
For example, if controls related to this Act are controls A.5.15 - Access control, and A.7.1 – Physical security perimeters, then you need to ensure that they are implemented (e.g., by implementing an Access Control Policy, and by defining areas with different security levels, related to the sensitivity of the information kept on them).
Comment as guest or Sign in
May 25, 2023