ISO 27001 Annex : A.13.2 Information Transfer
ISO 27001 Annex : A.13.2 Information Transfer Its objective is to maintain the security of information transferred to any external entity and within the organization. A.13.2.1 Information Transfer Policies and Procedures Control- In order to protect the transferees by using all types of communication facilities, official transfer policies, procedures and controls should be developed. Implementation guidance – The following items should be addressed in the procedures and controls required to use communications facilities to transmit information: Procedures to prevent interception, copying, altering, misrouting or destruction of transmitted information; Procedures to detect and protect malware from electronic communications which can be transmitted; Procedures for the protection of communicated electronically sensitive information in the form of an attachment; Guidelines or rules specifying an appropriate usage of communication facilities ( refer to 8....