2. ISO 27001:2013 has classified the Organization of Information Security into:
Clause A.6.1: Internal Organization
Clause A.6.2: Mobile devices and Teleworking
Organization of Information Security – ISMS Requirements
ISO for Software Outsourcing Companies in India
3. To establish a management framework to initiate and control the implementation and operation of
information security within the organization.
Clause A.6.1: Internal Organization
A.6.1.1 Information security roles and responsibilities
A.6.1.2 Segregation of duties
A.6.1.3 Contact with authorities
A.6.1.4 Contact with special interest groups
A.6.1.5 Information security in project management
4. Identification of the individual/individuals responsible for security of each
information facility
Clear definition and identification of assets and associated security controls for each
information facility
A.6.1.1 Information Security Roles and Responsibilities
• All information security responsibilities shall be defined and allocated.
5. A.6.1.2 Segregation of Duties
The first is the prevention of conflict of interest, the appearance of conflict of interest,
wrongful acts, fraud, abuse and errors.
The second is the detection of control failures that include security breaches,
information theft, and circumvention of security controls.
• Conflicting duties and areas of responsibility shall be segregated to reduce opportunities for
unauthorized or unintentional modification or misuse of the organization’s assets.
6. A.6.1.3 Contact with Authorities
Specification of the manner and timing in which breaches shall be communicated to
external authorities so as to ensure appropriate reporting
Development of procedures, policies and contact lists that specify by whom and when
external authorities should be contacted
• Appropriate contacts with relevant authorities shall be maintained.
7. A.6.1.4 Contact with Special Interest Groups
• Control: Appropriate contacts with special interest groups or other specialist security forums and
professional associations shall be maintained.
8. A.6.1.5 Information Security in Project Management
Set out the basics of how information security should be considered as part of the
overall framework of project management within the organization
Creation of a “mini-ISMS” within the project to ensure that risks are identified and
managed
• Information security shall be addressed in project management, regardless of the type of the
project.
9. To ensure the security of teleworking and use of mobile devices.
A.6.2 Mobile Devices and Teleworking
A.6.2.1 Mobile Device Policy
A.6.2.2 Teleworking Policy
10. A.6.2.1 Mobile Device Policy
Regular data backups for stored sensitive data
Physical security measures
Secure communication methods for transmitted data, such as a Virtual Private Network
Updates for the operating system and other software
Access control and appropriate user authentication (biometric-based)
Cryptographic methods for sensitive data
Protective software such as anti-virus and others
11. A.6.2.2 Teleworking Policy
Environmental and physical security measures
Policies concerning safety of private property used at the site
Appropriate user access control and authentication
Security measures for wireless and wired network configurations at the site
Cryptographic techniques for communications from/to the site and data storage
Data backup at regular intervals and security measures for those backup copies
13. For more details, visit our websites:
http://www.ifour-consultancy.com
http://www.ifourtechnolab.com