Interdependency indicator -
ISO IEC 27002 control name EXAMPLE OF IMPLEMENTATION
Protecting against external and environmental attacks
Control ID:
11.1.4
Domain:
11Physical and Environmental Security
Subdomain:
11.1Secure areas

Physical protection against natural disasters, malicious attack or accidents should be designed and applied.

Keep a list of different physical locations reachable through a cyber attack to determine geographical distribution.
Managing changes to supplier services
Control ID:
15.2.2
Domain:
15Supplier Relationships
Subdomain:
15.2Supplier service delivery management

Changes to the provision of services by suppliers, including maintaining and improving existing information security policies, procedures and controls, should be managed, taking account of the criticality of business information, systems and processes involved and re-assessment of risks.

Review change requests related to supplier services. Focus on changes of geographical distribution and sub suppliers and their location.
Monitoring and review of supplier services
Control ID:
15.2.1
Domain:
15Supplier Relationships
Subdomain:
15.2Supplier service delivery management

Organisations should regularly monitor, review and audit supplier service delivery.

Review supply chain contracts to determine suppliers' exposure to cyber security risks; emphasise on supplier's dependencies, force majoure terms and governing law.
Information security policy for supplier relationships
Control ID:
15.1.1
Domain:
15Supplier Relationships
Subdomain:
15.1Information security in supplier relatinships

Information security requirements for mitigating the risks associated with supplier’s access to the organisation’s assets should be agreed with the supplier and documented.

Review supply chain contracts to determine the suppliers and their geographical location.
Information and communication technology supply chain
Control ID:
15.1.3
Domain:
15Supplier Relationships
Subdomain:
15.1Information security in supplier relatinships

Agreements with suppliers should include requirements to address the information security risks associated with information and communications technology services and product supply chain.

Review supply chain contracts to determine suppliers' exposure to cyber security risks; emphasise on supplier's dependencies.
Addressing security within supplier agreements
Control ID:
15.1.2
Domain:
15Supplier Relationships
Subdomain:
15.1Information security in supplier relatinships

All relevant information security requirements should be established and agreed with each supplier that may access, process, store, communicate, or provide IT infrastructure components for, the organisation’s information.

Review supply chain contracts to determine suppliers' exposure to cyber security risks; emphasise on supplier's security controls in place.
Availability of information processing facilities
Control ID:
17.2.1
Domain:
17Information Security Aspects of Business Continuity Management
Subdomain:
17.2Redundancies

Information processing facilities should be implemented with redundancy sufficient to meet availability requirements.

Keep a list of different physical locations reachable through a cyber attack to determine geographical distribution. This list should include also the location of redundant components, architectures and systems.

We use cookies on our website to support technical features that enhance your user experience.
We also use analytics. To opt-out from analytics, click for more information.

I've read it More information