fbpx

ISO27001 – Control 5.15 – Access Control

By |2024-11-24T16:48:08+00:00November 25th, 2024|Information Security, ISO 27001 Controls|

ISO 27001 - Control 5.15 - Access Control Control 5.15 Wording Control 5.15 - Access Control states "Rules to control physical and logical access to information and other associated assets should be established and implemented based on business and information security requirements." What this means Control 5.15 - At its core, access control is about ensuring the right people have access to the right resources at the right time. Think of it as a sophisticated bouncer for your business assets, both digital and physical. It's not [...]

Read More
 0

ISO27001 – Control 5.14 – Information Transfer

By |2024-11-09T16:25:08+00:00November 11th, 2024|Information Security, ISO 27001 Controls|

ISO 27001 - Control 5.14 - Information Transfer Control 5.14 Wording Control 5.14 - information transfer states "Information transfer rules, procedures, or agreements should be in place for all types of transfer facilities within the organization and between the organization and other parties". What this means Control 5.15 - information transfer is aiming to ensure that any information transfer processes are robust and secure and available to all within the organisation. The most obvious means of data transfer is email but there is also the consideration [...]

Read More
 0

ISO27001 – Control 5.13 – Labelling of Information

By |2024-10-17T16:57:49+01:00October 21st, 2024|Information Security, ISO 27001 Controls|

ISO 27001 - Control 5.13 - Labelling of Information Control 5.13 Wording An appropriate set of procedures for information labelling should be developed and implemented in accordance with the information classification scheme adopted by the organization. What this means This is the followup control to 5.12 - Classification. This control is designed to make sure that all business assets are labelled as part of securing information within the organisation. It's all about marking your data so everyone knows how to handle it properly. Let's break down [...]

Read More
 0

ISO27001 – Control 5.12 – Classification of Information

By |2024-09-08T13:14:30+01:00August 26th, 2024|Information Security, ISO 27001 Controls|

Control 5.12 – Classification of Information Control Information should be classified according to the information security needs of the organization based on confidentiality, integrity, availability and relevant interested party requirements. What this means There needs to be a classification scheme implemented to protect information assets and this classification scheme should be documented and communicated to all staff and other relevant parties such as contractors, data processors etc. When classifying documents the organisation needs to consider the confidentiality, integrity, and availability requirements in the classification scheme. Try [...]

Read More
 0

© Copyright | All Rights Reserved | Audit & Risk Professionals Llp | Registered in England and Wales, Company Number: OC393687. Registered Address: 2 Masefield Ave, Borehamwood, HERTS, WD6 2HQ | Privacy Policy |

Go to Top