Interdependency indicator -
ISO IEC 27002 control name EXAMPLE OF IMPLEMENTATION
Confidentiality or non-disclosure agreements
Control ID:
13.2.4
Domain:
13Communications Security
Subdomain:
13.2Information transfer

Requirements for confidentiality or non-disclosure agreements reflecting the organisation’s needs for the protection of information should be identified, regularly reviewed and documented.

Count the number of Confidentiality or non-disclosure agreements signed by non-employees.
Agreements on information transfer
Control ID:
13.2.2
Domain:
13Communications Security
Subdomain:
13.2Information transfer

Agreements should address the secure transfer of business information between the organisation and external parties.

Count the number of Information transfer agreements.
Security of network services
Control ID:
13.1.2
Domain:
13Communications Security
Subdomain:
13.1Network security management

Security mechanisms, service levels and management requirements of all network services should be identified and included in network services agreements, whether these services are provided in-house or outsourced.

Count the number of network services agreements.
Information and communication technology supply chain
Control ID:
15.1.3
Domain:
15Supplier Relationships
Subdomain:
15.1Information security in supplier relatinships

Agreements with suppliers should include requirements to address the information security risks associated with information and communications technology services and product supply chain.

Count the number of supplier agreements with identified and documented Service Level Requirements covering also their critical supply chain.
Addressing security within supplier agreements
Control ID:
15.1.2
Domain:
15Supplier Relationships
Subdomain:
15.1Information security in supplier relatinships

All relevant information security requirements should be established and agreed with each supplier that may access, process, store, communicate, or provide IT infrastructure components for, the organisation’s information.

Count the number of supplier agreements with identified and documented Service Level Requirements.
Regulation of cryptographic controls
Control ID:
18.1.5
Domain:
18Compliance
Subdomain:
18.1Compliance with legal and contractual requirements

Cryptographic controls should be used in compliance with all relevant agreements, legislation and regulations.

Count the number of agreements imposing cryptografic controls.

We use cookies on our website to support technical features that enhance your user experience.
We also use analytics. To opt-out from analytics, click for more information.

I've read it More information