ISO 27001 Annex : 12 Operations Security
ISO 27001 Annex : 12 Operations Security in this article explain Operational procedures and responsibilities, Documented Operating Procedures, Change Management & Separation of Development, Testing and Operational Environments. A.12.1 Operational procedures and responsibilities Its objective is to ensure that information processing facilities operate correctly and securely. A.12.1.1 Documented Operating Procedures Control- Operating procedures should be documented and accessed by all users in need. Implementation Guidance- Documented procedures for operating information processing and communications facility activities should be prepared including computer start-up and closing down, backup, maintenance of equipment , media handling, computer room and mail management, and safety. The operating procedures should include the following operating instructions: Systems installation and settings; Automated and manual processing a...