Personnel and other interested parties as appropriate should return all the organization’s assets in their possession upon change or termination of their employment, contract or agreement.
Information should be classified according to the information security needs of the organization based on confidentiality, integrity, availability and relevant interested party requirements.
An appropriate set of procedures for information labelling should be developed and implemented in accordance with the information classification scheme adopted by the organization.
Information transfer rules, procedures, or agreements should be in place for all types of transfer facilities within the organization and between the organization and other parties.
Rules to control physical and logical access to information and other associated assets should be established and implemented based on business and information security requirements.
The full life cycle of identities should be managed.
Allocation and management of authentication information should be controlled by a management process, including advising personnel on the appropriate handling of authentication information.
Access rights to information and other associated assets should be provisioned, reviewed, modified and removed in accordance with the organization’s topic-specific policy on and rules for access control.
Processes and procedures should be defined and implemented to manage the information security risks associated with the use of supplier’s products or services.
Relevant information security requirements should be established and agreed with each supplier based on the type of supplier relationship.