⌘Ctrlk

Introduction
- Set up your ISMS
- Company Settings
- Overview
- Annex A Controls
  Annex A.5 - Organisational Controls
  Annex A 5.1 - Policies for Information Security
  Annex A 5.2 - Information Security Roles and Responsibilities
  Annex A 5.3 - Segregation of Duties
  Annex A 5.4 - Management Responsibilities
  Annex A 5.5 - Contact With Authorities
  Annex A 5.6 - Contact With Special Interest Groups
  Annex A 5.7 - Threat Intelligence
  Annex A 5.8 - Information Security in Project Management
  Annex A 5.9 - Inventory of Information and Other Associated Assets
  Annex A 5.10 - Acceptable Use of Information and Other Associated Assets
  Annex A 5.11 - Return of Assets
  Annex A 5.12 - Classification of Information
  Annex A 5.13 - Labelling of Information
  Annex A 5.14 - Information Transfer
  Annex A 5.15 - Access Control
  Annex A 5.16 - Identity Management
  Annex A 5.17 - Authentication Information
  Annex A 5.18 - Access Rights
  Annex A 5.19 - Information Security in Supplier Relationships
  Annex A 5.20 - Addressing Information Security Within Supplier Agreements
  Annex A 5.21 - Managing Information Security in the ICT Supply Chain
  Annex A 5.22 - Monitoring, Review and Change Management of Supplier Services
  Annex A 5.23 - Information Security for Use of Cloud Services
  Annex A 5.24 - Information Security Incident Management Planning and Preparation
  Annex A 5.25 - Assessment and Decision on Information Security Events
  Annex A 5.26 - Response to Information Security Incidents
  Annex A 5.27 - Learning From Information Security Incidents
  Annex A 5.28 - Collection of Evidence
  Annex A 5.29 - Information Security During Disruption
  Annex A 5.30 - ICT Readiness for Business Continuity
  Annex A 5.31 - Legal, Statutory, Regulatory and Contractual Requirements
  Annex A 5.32 - Intellectual Property Rights
  Annex A 5.33 - Protection of Records
  Annex A 5.34 - Privacy and Protection of PII
  Annex A 5.35 - Independent Review of Information Security
  Annex A 5.36 - Compliance With Policies, Rules and Standards for Information Security
  Annex A 5.37 - Documented Operating Procedures
  Annex A.6 - People Controls
  Annex A.7 -Physical Controls
  Annex A.8 - Technological Controls
- Overview
- Controls
- Tools
- Suppliers
Payments and refunds

Powered by GitBook

ISO27001:2022 Wiki
Annex A Controls
Annex A.5 - Organisational Controls

Annex A 5.21 - Managing Information Security in the ICT Supply Chain

Processes and procedures shall be defined and implemented to manage the information security risks associated with the ICT products and services supply chain.

PreviousAnnex A 5.20 - Addressing Information Security Within Supplier Agreements NextAnnex A 5.22 - Monitoring, Review and Change Management of Supplier Services

Last updated 2 years ago