ISO/IEC 27001 has made transition to the Annex SL, now in newer revision, as adopted Annex SL. Requirement elements of ISO/IEC 27002 (ISMS) covering areas of information and security of
systems, including as activities determine, networks and telecommunications:
Business Continuity Planning
Current ISO/IEC 27002 | ISO/IEC 27001 address best practices of control and improving security of information, the requirements invoke:
physical and environmental security;
communications and operations management;
information systems acquisition, development and maintenance;
information security incident management;
business continuity management; and
- security policy;
- the organization of information security;
- asset management;
- human resources
- Address issues relevant to counteracting interruptions and the effects of disaster recovery within the organization's activities and critical business processes - risk management
- System Access Control
- To control access to information
- Prevention of unauthorized access to information
- Ensuring protection of the networked services
- Prevention of unauthorized access of systems and communication peripherals
- Detection of unauthorized activities
- Assure that integrity of information security when mobile and telecommunication (including WI-FI).
System Development and Maintenance
- Ensure that security is built into operational systems
- Prevention of loss, modification or misuse of data in applications and system platform
- Protection of the confidentiality, authenticity and integrity of the information
- Ascertain that IT projects and support activities planning and realization occur securely
- Maintaining the security of system applications, software and data.
- For assessment implement, operate, monitor, review, maintain and improve the Security of Information Management System under the International Standard ISO/IEC 27001.
Physical and Environmental Security
- Prevent unauthorized accessing, damage and interference to the physical premises wherein information is processed and business conducted.
- Prevent loss, damage or compromising the assets affecting the business activities.
- Prevent theft of information.
Compliance (see also equally ISO/IEC 27001 Standard)
- Avoid security breaches from criminal or civil law, statutory, regulatory or contractual obligations and predefined security requirements
- Assure complying with the organization's security policies and standards applied to hardware, software and information.
- Optimize the effectiveness of systems thus minimizing interference to/from the audit process.
- Reduce risks of inadvertent human error, theft, fraud or misuse of equipment or facilities
- Ascertain that system users are aware of security threats, concerns and resources provided to abide to the corporate security policy during routine activities
- Minimize damage from security incidents, and malfunctions, using pass experiences to improve.
- Management of information security
- Maintain security of the information, processing facilities, and information assets accessed by authorized outsiders (namely third parties).
- Maintaining secured information, when the responsibility for information processing has been outsourced.
Computer & Network Management
- Assure that processing facilities manage correct and secure operation of information
- Minimize the risk of systems failures
- Protection of the integrity of operating systems, software and information
- Maintaining the integrity and availability of information processing and communication
- Assure the protection of the system structure for safeguarding of networks and information
- Preventing damage of business assets and interruptions to activities
- Preventing loss, modification or misuse of information when exchanged between organizations.
Asset Classification and Control
Maintain appropriate protection of the organizations assets, by ensuring that information assets receive appropriate level of protection.
Provide direction, guidance and support for information security by management.
For ISMS ISO/IEC 27001 certification, as there is no centralized scheme for certification consult with our list of certification bodies.