Interdependencies between essential and important entities

Interdependency indicator: ISO/IEC 27002 control name, with an example of implementation

Control name: Policies for information security
Control ID: 5.1.1
Domain: 5 Information Security Policies
Subdomain: 5.1 Management direction for information security
Control: A set of policies for information security should be defined, approved by management, published and communicated to employees and relevant external parties.
Example of implementation: Count the number of organisations that have access to, or have been informed about, the organisation's Information Security Policy.

Control name: Access to networks and network services
Control ID: 9.1.2
Domain: 9 Access Control
Subdomain: 9.1 Business requirements of access control
Control: Users should only be provided with access to the network and network services that they have been specifically authorized to use.
Example of implementation: Count the number of client accesses to the information systems.

Control name: Managing changes to supplier services
Control ID: 15.2.2
Domain: 15 Supplier Relationships
Subdomain: 15.2 Supplier service delivery management
Control: Changes to the provision of services by suppliers, including maintaining and improving existing information security policies, procedures and controls, should be managed, taking account of the criticality of the business information, systems and processes involved, and with a re-assessment of risks.
Example of implementation: Count the number of changes related to supplier performance.

Control name: Monitoring and review of supplier services
Control ID: 15.2.1
Domain: 15 Supplier Relationships
Subdomain: 15.2 Supplier service delivery management
Control: Organisations should regularly monitor, review and audit supplier service delivery.
Example of implementation: Review the supplier agreements. Count the number of contractors and subcontractors supporting the critical services.

Control name: Information security policy for supplier relationships
Control ID: 15.1.1
Domain: 15 Supplier Relationships
Subdomain: 15.1 Information security in supplier relationships
Control: Information security requirements for mitigating the risks associated with the supplier's access to the organisation's assets should be agreed with the supplier and documented.
Example of implementation: Count the number of unique suppliers to which the organisation has made the relevant policy available.

Control name: Information and communication technology supply chain
Control ID: 15.1.3
Domain: 15 Supplier Relationships
Subdomain: 15.1 Information security in supplier relationships
Control: Agreements with suppliers should include requirements to address the information security risks associated with the information and communications technology services and product supply chain.
Example of implementation: Count the number of suppliers related to the provision of critical services.

Control name: Addressing security within supplier agreements
Control ID: 15.1.2
Domain: 15 Supplier Relationships
Subdomain: 15.1 Information security in supplier relationships
Control: All relevant information security requirements should be established and agreed with each supplier that may access, process, store, communicate, or provide IT infrastructure components for the organisation's information.
Example of implementation: Count the number of unique suppliers, based on the documented supplier agreements.

Control name: Identification of applicable legislation and contractual requirements
Control ID: 18.1.1
Domain: 18 Compliance
Subdomain: 18.1 Compliance with legal and contractual requirements
Control: All relevant legislative, statutory, regulatory and contractual requirements, and the organisation's approach to meeting them, should be explicitly identified, documented and kept up to date for each information system and for the organisation.
Example of implementation: Review the list of applicable legislation and regulations. Count the number of laws that mandate the use of this provider.