
ISO 27001 BUSINESS CONTINUITY CHECKLIST
Date: 00/00/0000

YOUR LOGO


TABLE OF CONTENTS

1  INFORMATION SECURITY POLICIES / ORGANIZATION OF INFORMATION SECURITY
2  HUMAN RESOURCES SECURITY / ASSET MANAGEMENT
3  ACCESS CONTROL
4  CRYPTOGRAPHY / PHYSICAL AND ENVIRONMENTAL SECURITY
5  OPERATIONS SECURITY
6  COMMUNICATION SECURITY / SYSTEM ACQUISITION, DEVELOPMENT, AND MAINTENANCE
7  SUPPLIER RELATIONSHIPS / INFORMATION SECURITY INCIDENT MANAGEMENT / INFORMATION SECURITY ASPECTS OF BUSINESS CONTINUITY MANAGEMENT / COMPLIANCE

INFORMATION SECURITY POLICIES / ORGANIZATION OF INFORMATION SECURITY

SECTION/  REQUIREMENT ASSESSMENT                                                                      IN COMPLIANCE?  REMARKS
CATEGORY
5.        Information security policies
5.1       Security policies exist?                                                                    [ ]
5.2       All policies approved by management?                                                        [ ]
5.3       Evidence of compliance?                                                                     [ ]
6.        Organization of information security
6.1       Defined roles and responsibilities?                                                         [ ]
6.2       Defined segregation of duties?                                                              [ ]
6.3       Verification body / authority contacted for compliance verification?                        [ ]
6.4       Established contact with special interest groups regarding compliance?                      [ ]
6.5       Evidence of information security in project management?                                     [ ]
6.6       Defined policy for working remotely?                                                        [ ]


HUMAN RESOURCES SECURITY / ASSET MANAGEMENT

SECTION/  REQUIREMENT ASSESSMENT                                                                      IN COMPLIANCE?  REMARKS
CATEGORY
7.        Human resource security
7.1       Defined policy for screening employees prior to employment?                                 [ ]
7.2       Defined policy for HR terms and conditions of employment?                                   [ ]
7.3       Defined policy for management responsibilities?                                             [ ]
7.4       Defined policy for information security awareness, education, and training?                 [ ]
7.5       Defined policy for disciplinary process regarding information security?                     [ ]
7.6       Defined policy for HR termination or change of employment regarding information security?   [ ]
8.        Asset management
8.1       Complete inventory list of assets?                                                          [ ]
8.2       Complete ownership list of assets?                                                          [ ]
8.3       Defined "acceptable use" of assets policy?                                                  [ ]
8.4       Defined return of assets policy?                                                            [ ]
8.5       Defined policy for classification of information?                                           [ ]
8.6       Defined policy for labeling information?                                                    [ ]
8.7       Defined policy for handling of assets?                                                      [ ]
8.8       Defined policy for management of removable media?                                           [ ]
8.9       Defined policy for disposal of media?                                                       [ ]
8.10      Defined policy for physical media transfer?                                                 [ ]


ACCESS CONTROL

SECTION/  REQUIREMENT ASSESSMENT                                                                      IN COMPLIANCE?  REMARKS
CATEGORY
9.        Access control
9.1       Defined access control policy?                                                              [ ]
9.2       Defined policy for access to networks and network services?                                 [ ]
9.3       Defined policy for user registration and de-registration?                                   [ ]
9.4       Defined policy for user access provisioning?                                                [ ]
9.5       Defined policy for management of privileged access rights?                                  [ ]
9.6       Defined policy for management of secret authentication information of users?                [ ]
9.7       Defined policy for review of user access rights?                                            [ ]
9.8       Defined policy for removal or adjustment of access rights?                                  [ ]
9.9       Defined policy for use of secret authentication information?                                [ ]
9.10      Defined policy for information access restrictions?                                         [ ]
9.11      Defined policy for secure log-in procedures?                                                [ ]
9.12      Defined policy for password management systems?                                             [ ]
9.13      Defined policy for use of privileged utility programs?                                      [ ]
9.14      Defined policy for access control to program source code?                                   [ ]
CRYPTOGRAPHY / PHYSICAL AND ENVIRONMENTAL SECURITY

SECTION/  REQUIREMENT ASSESSMENT                                                                      IN COMPLIANCE?  REMARKS
CATEGORY
10.       Cryptography
10.1      Defined policy for use of cryptographic controls?                                           [ ]
10.2      Defined policy for key management?                                                          [ ]
11.       Physical and environmental security
11.1      Defined policy for physical security perimeter?                                             [ ]
11.2      Defined policy for physical entry controls?                                                 [ ]
11.3      Defined policy for securing offices, rooms, and facilities?                                 [ ]
11.4      Defined policy for protection against external and environmental threats?                   [ ]
11.5      Defined policy for working in secure areas?                                                 [ ]
11.6      Defined policy for delivery and loading areas?                                              [ ]
11.7      Defined policy for equipment siting and protection?                                         [ ]
11.8      Defined policy for supporting utilities?                                                    [ ]
11.9      Defined policy for cabling security?                                                        [ ]
11.10     Defined policy for equipment maintenance?                                                   [ ]
11.11     Defined policy for removal of assets?                                                       [ ]
11.12     Defined policy for security of equipment and assets off premises?                           [ ]
11.13     Defined policy for secure disposal or re-use of equipment?                                  [ ]
11.14     Defined policy for unattended user equipment?                                               [ ]
11.15     Defined clear desk and clear screen policy?                                                 [ ]


OPERATIONS SECURITY

SECTION/  REQUIREMENT ASSESSMENT                                                                      IN COMPLIANCE?  REMARKS
CATEGORY
12.       Operations security
12.1      Defined policy for documented operating procedures?                                         [ ]
12.2      Defined policy for change management?                                                       [ ]
12.3      Defined policy for capacity management?                                                     [ ]
12.4      Defined policy for separation of development, testing, and operational environments?        [ ]
12.5      Defined policy for controls against malware?                                                [ ]
12.6      Defined policy for backing up systems?                                                      [ ]
12.7      Defined policy for information backup?                                                      [ ]
12.8      Defined policy for event logging?                                                           [ ]
12.9      Defined policy for protection of log information?                                           [ ]
12.10     Defined policy for administrator and operator logs?                                         [ ]
12.11     Defined policy for clock synchronization?                                                   [ ]
12.12     Defined policy for installation of software on operational systems?                         [ ]
12.13     Defined policy for management of technical vulnerabilities?                                 [ ]
12.14     Defined policy for restrictions on software installation?                                   [ ]
12.15     Defined policy for information systems audit controls?                                      [ ]
COMMUNICATION SECURITY / SYSTEM ACQUISITION, DEVELOPMENT, AND MAINTENANCE

SECTION/  REQUIREMENT ASSESSMENT                                                                      IN COMPLIANCE?  REMARKS
CATEGORY
13.       Communication security
13.1      Defined policy for network controls?                                                        [ ]
13.2      Defined policy for security of network services?                                            [ ]
13.3      Defined policy for segregation in networks?                                                 [ ]
13.4      Defined policy for information transfer policies and procedures?                            [ ]
13.5      Defined policy for agreements on information transfer?                                      [ ]
13.6      Defined policy for electronic messaging?                                                    [ ]
13.7      Defined policy for confidentiality or non-disclosure agreements?                            [ ]
13.8      Defined policy for system acquisition, development, and maintenance?                        [ ]
14.       System acquisition, development, and maintenance
14.1      Defined policy for information security requirements analysis and specification?            [ ]
14.2      Defined policy for securing application services on public networks?                        [ ]
14.3      Defined policy for protecting application service transactions?                             [ ]
14.4      Defined policy for in-house development?                                                    [ ]


SUPPLIER RELATIONSHIPS / INFORMATION SECURITY INCIDENT MANAGEMENT / INFORMATION SECURITY ASPECTS OF BUSINESS CONTINUITY MANAGEMENT / COMPLIANCE

SECTION/  REQUIREMENT ASSESSMENT                                                                      IN COMPLIANCE?  REMARKS
CATEGORY
15.       Supplier relationships
15.1      Defined policy for supplier relationships?                                                  [ ]
16.       Information security incident management
16.1      Defined policy for information security incident management?                                [ ]
17.       Information security aspects of business continuity management
17.1      Defined policy for information security continuity?                                         [ ]
17.2      Defined policy for redundancies?                                                            [ ]
18.       Compliance
18.1      Defined policy for identification of applicable legislation and contractual requirements?   [ ]
18.2      Defined policy for intellectual property rights?                                            [ ]
18.3      Defined policy for protection of records?                                                   [ ]
18.4      Defined policy for privacy and protection of personally identifiable information?           [ ]
18.5      Defined policy for regulation of cryptographic controls?                                    [ ]
18.6      Defined policy for compliance with security policies and standards?                         [ ]
18.7      Defined policy for technical compliance review?                                             [ ]

DISCLAIMER
 
Any articles, templates, or information provided by Smartsheet on the website are for reference only. While
we strive to keep the information up to date and correct, we make no representations or warranties of any
kind, express or implied, about the completeness, accuracy, reliability, suitability, or availability with
respect to the website or the information, articles, templates, or related graphics contained on the website.
Any reliance you place on such information is therefore strictly at your own risk.
 
This template is provided as a sample only. This template is in no way meant as legal or compliance advice.
Users of the template must determine what information is necessary and needed to accomplish their
objectives.
