Interdependencies between essential and important entities

Interdependency indicator: ISO/IEC 27002 control name and example of implementation
Confidentiality or non-disclosure agreements
Control ID:
13.2.4
Domain:
13 Communications Security
Subdomain:
13.2 Information transfer

Requirements for confidentiality or non-disclosure agreements reflecting the organisation’s needs for the protection of information should be identified, regularly reviewed and documented.

Count the number of confidentiality or non-disclosure agreements signed by non-employees.
Agreements on information transfer
Control ID:
13.2.2
Domain:
13 Communications Security
Subdomain:
13.2 Information transfer

Agreements should address the secure transfer of business information between the organisation and external parties.

Count the number of information transfer agreements.
Security of network services
Control ID:
13.1.2
Domain:
13 Communications Security
Subdomain:
13.1 Network security management

Security mechanisms, service levels and management requirements of all network services should be identified and included in network services agreements, whether these services are provided in-house or outsourced.

Count the number of network services agreements.
Information and communication technology supply chain
Control ID:
15.1.3
Domain:
15 Supplier Relationships
Subdomain:
15.1 Information security in supplier relationships

Agreements with suppliers should include requirements to address the information security risks associated with information and communications technology services and product supply chain.

Count the number of supplier agreements with identified and documented Service Level Requirements that also cover their critical supply chain.
Addressing security within supplier agreements
Control ID:
15.1.2
Domain:
15 Supplier Relationships
Subdomain:
15.1 Information security in supplier relationships

All relevant information security requirements should be established and agreed with each supplier that may access, process, store, communicate, or provide IT infrastructure components for, the organisation’s information.

Count the number of supplier agreements with identified and documented Service Level Requirements.
Regulation of cryptographic controls
Control ID:
18.1.5
Domain:
18 Compliance
Subdomain:
18.1 Compliance with legal and contractual requirements

Cryptographic controls should be used in compliance with all relevant agreements, legislation and regulations.

Count the number of agreements imposing cryptographic controls.
