ISO 27001 Annex : A.13.2 Information Transfer


ISO 27001 Annex : A.13.2 Information Transfer. Its objective is to maintain the security of information transferred to any external entity and within the organization.

A.13.2.1  Information Transfer Policies and Procedures

Control – To protect the transfer of information through the use of all types of communication facilities, official transfer policies, procedures and controls should be developed.

Implementation guidance – The following items should be addressed in the procedures and controls required to use communications facilities to transmit information:

  1. Procedures to prevent interception, copying, altering, misrouting or destruction of transmitted information;
  2. Procedures to detect and protect against malware that can be transmitted through electronic communications;
  3. Procedures for protecting sensitive electronic information that is communicated in the form of an attachment;
  4. Guidelines or rules specifying appropriate usage of communication facilities (refer to 8.1.3);
  5. The moral duty of external parties and other users not to compromise the organization, e.g., through defamation, harassment, impersonation, transmission of chain letters, unauthorized purchasing, etc.;
  6. Use of encryption techniques, for example, to protect the confidentiality, integrity and authenticity of information (refer to Clause 10);
  7. Retention and disposal guidelines for all business correspondence, including messages, in compliance with national and local legislation and regulations;
  8. Controls and constraints relating to the use of communication facilities, such as automatic forwarding of electronic mail to external mail addresses;
  9. Advising employees not to share personal details and to take sufficient precautions;
  10. Not leaving messages that contain sensitive information on answering machines, because they can be replayed by unauthorized individuals, stored, or stored incorrectly as a result of misdialing;
  11. Advising staff on issues concerning the use of fax machines or services, in particular:
      • Unauthorized access to built-in message stores to retrieve messages;
      • Deliberate or unintended programming of machines to transmit messages to particular numbers;
      • Sending documents and messages to the wrong number, either by misdialing or by using the wrong stored number.

Furthermore, workers should not hold confidential discussions in public places, over unreliable communication networks, or in open offices and meeting places.

Services of information transfer should meet all relevant legal requirements.

Other Information – Information transfer can occur through different kinds of communication facilities, including electronic mail, voice, facsimile and video.

The transfer of software may occur through a variety of media, including Internet downloads and the purchase of off-the-shelf products from suppliers.

Read More : https://info-savvy.com/iso-27001-annex-a-13-2-information-transfer/

-----------------------------------------------------------------------------------------------------------------------------

This Blog Article is posted by
Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092
