Organizational Controls (Clause 5)

Processes and procedures should be defined and implemented to manage the information security risks associated with the ICT products and services supply chain.

Login

Organizational Controls (Clause 5)

The organization should regularly monitor, review, evaluate and manage change in supplier information security practices and service delivery.

Login

Organizational Controls (Clause 5)

Processes for acquisition, use, management and exit from cloud services should be established in accordance with the organization’s information security requirements.

Login

Organizational Controls (Clause 5)

The organization should plan and prepare for managing information security incidents by defining, establishing and communicating information security incident management processes, roles and responsibilities.

Login

Organizational Controls (Clause 5)

The organization should assess information security events and decide if they are to be categorized as information security incidents.

Login

Organizational Controls (Clause 5)

Information security incidents should be responded to in accordance with the documented procedures.

Login

Organizational Controls (Clause 5)

Knowledge gained from information security incidents should be used to strengthen and improve the information security controls.

Login

Organizational Controls (Clause 5)

The organization should establish and implement procedures for the identification, collection, acquisition and preservation of evidence related to information security events.

Login

Organizational Controls (Clause 5)

The organization should plan how to maintain information security at an appropriate level during disruption.

Login

Organizational Controls (Clause 5)

Information and communication technology (ICT) readiness should be planned, implemented, maintained and tested based on business continuity objectives and ICT continuity requirements.

Login