Interdependencies between essential and important entities
ENISA Interdependencies Indicators Tool
ISO/IEC 27002 control name | Example of implementation |
---|---|
Confidentiality or non-disclosure agreements: Requirements for confidentiality or non-disclosure agreements reflecting the organisation’s needs for the protection of information should be identified, regularly reviewed and documented. | Count the number of confidentiality or non-disclosure agreements signed by non-employees. |
Agreements on information transfer: Agreements should address the secure transfer of business information between the organisation and external parties. | Count the number of information transfer agreements. |
Security of network services: Security mechanisms, service levels and management requirements of all network services should be identified and included in network services agreements, whether these services are provided in-house or outsourced. | Count the number of network services agreements. |
Information and communication technology supply chain: Agreements with suppliers should include requirements to address the information security risks associated with information and communications technology services and product supply chain. | Count the number of supplier agreements with identified and documented Service Level Requirements that also cover their critical supply chain. |
Addressing security within supplier agreements: All relevant information security requirements should be established and agreed with each supplier that may access, process, store, communicate, or provide IT infrastructure components for, the organisation’s information. | Count the number of supplier agreements with identified and documented Service Level Requirements. |
Regulation of cryptographic controls: Cryptographic controls should be used in compliance with all relevant agreements, legislation and regulations. | Count the number of agreements imposing cryptographic controls. |