
Information Security Controls by Operational Capabilities
230206 www.patreon.com/AndreyProzorov ISO 27001/27002:2022

Governance
5.1. Policies for information security
5.2. Information security roles and responsibilities
5.4. Management responsibilities
5.5. Contact with authorities
5.6. Contact with special interest groups
5.8. Information security in project management
5.24. Information security incident management planning and preparation

Information security assurance
5.35. Independent review of information security
5.36. Compliance with policies, rules and standards for information security
8.29. Security testing in development and acceptance

Information security event management
5.24. Information security incident management planning and preparation
5.25. Assessment and decision on information security events
5.26. Response to information security incidents
5.27. Learning from information security incidents
5.28. Collection of evidence
6.8. Information security event reporting
8.15. Logging
8.16. Monitoring activities
8.17. Clock synchronization

Legal and compliance
5.31. Legal, statutory, regulatory and contractual requirements
5.32. Intellectual property rights
5.33. Protection of records
5.34. Privacy and protection of PII
5.36. Compliance with policies, rules and standards for information security
8.10. Information deletion

Supplier relationships security
5.19. Information security in supplier relationships
5.20. Addressing information security within supplier agreements
5.21. Managing information security in the ICT supply chain
5.22. Monitoring, review and change management of supplier services
5.23. Information security for use of cloud services
6.6. Confidentiality or non-disclosure agreements
8.30. Outsourced development

Continuity
5.29. Information security during disruption
5.30. ICT readiness for business continuity
5.37. Documented operating procedures
8.6. Capacity management
8.13. Information backup
8.14. Redundancy of information processing facilities

Threat and vulnerability management
5.7. Threat intelligence
5.37. Documented operating procedures
8.8. Management of technical vulnerabilities

Identity and access management
5.15. Access control
5.16. Identity management
5.17. Authentication information
5.18. Access rights
5.37. Documented operating procedures
7.2. Physical entry
8.2. Privileged access rights
8.3. Information access restriction
8.4. Access to source code
8.5. Secure authentication

Secure configuration
5.37. Documented operating procedures
8.4. Access to source code
8.9. Configuration management
8.18. Use of privileged utility programs
8.19. Installation of software on operational systems
8.24. Use of cryptography

Application security
5.37. Documented operating procedures
8.4. Access to source code
8.18. Use of privileged utility programs
8.19. Installation of software on operational systems
8.25. Secure development life cycle
8.26. Application security requirements
8.27. Secure system architecture and engineering principles
8.28. Secure coding
8.29. Security testing in development and acceptance
8.30. Outsourced development
8.31. Separation of development, test and production environments
8.32. Change management

Asset management
5.9. Inventory of information and other associated assets
5.10. Acceptable use of information and other associated assets
5.11. Return of assets
5.14. Information transfer
5.33. Protection of records
5.37. Documented operating procedures
6.5. Responsibilities after termination or change of employment
6.7. Remote working
7.3. Securing offices, rooms and facilities
7.8. Equipment siting and protection
7.9. Security of assets off-premises
7.10. Storage media
7.13. Equipment maintenance
7.14. Secure disposal or re-use of equipment
8.1. User endpoint devices
8.14. Redundancy of information processing facilities

Information protection
5.10. Acceptable use of information and other associated assets
5.12. Classification of information
5.13. Labelling of information
5.14. Information transfer
5.33. Protection of records
5.34. Privacy and protection of PII
6.6. Confidentiality or non-disclosure agreements
6.7. Remote working
8.1. User endpoint devices
8.7. Protection against malware
8.10. Information deletion
8.11. Data masking
8.12. Data leakage prevention
8.33. Test information
8.34. Protection of information systems during audit testing

Human resource security
6.1. Screening
6.2. Terms and conditions of employment
6.3. Information security awareness, education and training
6.4. Disciplinary process
6.5. Responsibilities after termination or change of employment
6.6. Confidentiality or non-disclosure agreements

Physical security
5.37. Documented operating procedures
6.7. Remote working
7.1. Physical security perimeter
7.2. Physical entry
7.3. Securing offices, rooms and facilities
7.4. Physical security monitoring
7.5. Protecting against physical and environmental threats
7.6. Working in secure areas
7.7. Clear desk and clear screen
7.8. Equipment siting and protection
7.9. Security of assets off-premises
7.10. Storage media
7.11. Supporting utilities
7.12. Cabling security
7.13. Equipment maintenance
7.14. Secure disposal or re-use of equipment

System and network security
5.37. Documented operating procedures
6.7. Remote working
8.7. Protection against malware
8.18. Use of privileged utility programs
8.20. Network security
8.21. Security of network services
8.22. Segregation of networks
8.23. Web filtering
8.25. Secure development life cycle
8.26. Application security requirements
8.27. Secure system architecture and engineering principles
8.28. Secure coding
8.29. Security testing in development and acceptance
8.30. Outsourced development
8.31. Separation of development, test and production environments
8.32. Change management
8.34. Protection of information systems during audit testing
