80+ security controls

Our ISO27001:2022-compliant security controls

Organisation

Management Direction for Information Security
☑️ Policies for Information Security

Internal Organisation
☑️ Information Security Roles and Responsibilities
☑️ Segregation of Duties
☑️ Management Responsibilities
☑️ Contact With Authorities
☑️ Contact With Special Interest Groups
☑️ Threat Intelligence
☑️ Information Security in Project Management

Mobile Devices and Teleworking
☑️ Inventory of Information and Other Associated Assets
☑️ Acceptable Use of Information and Other Associated Assets
☑️ Return of Assets

Compliance with Legal and Contractual Requirements
☑️ Intellectual Property Rights
☑️ Protection of Records
☑️ Privacy and Protection of Personally Identifiable Information (PII)
☑️ Legal, Statutory, Regulatory and Contractual Requirements

Information Security Reviews
☑️ Independent Review of Information Security
☑️ Compliance With Security Policies and Standards for Information Security

Information Classification
☑️ Classification of Information
☑️ Labelling of Information

Information Transfer
☑️ Information Transfer

Information Security in Supplier Relationships
☑️ Information Security in Supplier Relationships
☑️ Addressing Information Security Within Supplier Agreements
☑️ Managing Information Security in the ICT Supply Chain
☑️ Monitoring, Review and Change Management of Supplier Services
☑️ Information Security for Use of Cloud Services

Information security continuity
☑️ Information Security Incident Management Planning and Preparation
☑️ Documented Operating Procedure

Management of information security incidents and improvements
☑️ Assessment and Decision on Information Security Events
☑️ Response to Information Security Incidents
☑️ Learning From Information Security Incidents
☑️ Collection of Evidence
☑️ Information Security During Disruption

Business requirements of access controls
☑️ Access Control

User access management
☑️ Identity Management Authentication Information
☑️ Access Rights

Information Security Continuity
☑️ ICT Readiness for Business Continuity

People

Employment
☑️ Screening
☑️ Terms and Conditions of Employment
☑️ Information Security Awareness, Education and Training
☑️ Disciplinary Process
☑️ Responsibilities After Termination or Change of Employment
☑️ Remote Working

Information Transfer
☑️ Confidentiality or Non-Disclosure Agreements

Management of information security incidents and improvements
☑️ Information Security Event Reporting

Physical

Equipment
☑️ Clear Desk and Clear Screen
☑️ Equipment Siting and Protection
☑️ Security of Assets Off-Premises
☑️ Equipment Maintenance
☑️ Secure Disposal or Re-Use of Equipment

Media Handling
☑️ Storage Media

Technological

User Access Management
☑️ Privileged Access Rights
☑️ User Endpoint Devices

System and application access control
☑️ Information Access Restriction
☑️ Secure Authentication
☑️ Access to Source Code
☑️ Use of Privileged Utility Programs

Operational procedures and responsibilities
☑️ Capacity Management
☑️ Separation of Development, Test and Production Environments
☑️ Change Management
☑️ Web Filtering

Protection from malware
☑️ Protection Against Malware

Technical vulnerability management
☑️ Management of Technical Vulnerabilities

Backup
☑️ Information Backup

Redundancies
☑️ Redundancy of Information Processing Facilities

Logging and monitoring
☑️ Logging
☑️ Monitoring Activities
☑️ Clock Synchronisation

Control of Operational Software
☑️ Installation of Software on Operational Systems
☑️ Configuration Management

Network security management
☑️ Networks Security
☑️ Security of Network Services
☑️ Segregation of Networks

Cryptographic controls
☑️ Use of Cryptography

Security in development and support processes
☑️ Secure Development Life Cycle
☑️ Secure System Architecture and Engineering Principles
☑️ Secure Coding
☑️ Security Testing in Development and Acceptance

Security requirements of information systems
☑️ Application Security Requirements

Information systems audit considerations
☑️ Protection of Information Systems During Audit Testing

Data management
☑️ Information Deletion
☑️ Data Masking
☑️ Data Leakage Prevention
☑️ Test Information