DOMAIN
CONTROL OBJECTIVE
CONTROL
5.1 s
5.1.1
5.1.2
6.1.1
6.1.2
6.1.3
6.1.4
6.1.5
6.2.1
6.2.2
7.1.1
7.1.2
7.2.2
7.2.3
7.3.1
8. Asset management
8.1.1
8.1.2
8.1.3
8.1.4
8.2.1
8.2.2
8.2.3
8.3.1
8.3.2
8.3.3
9. Access control
9.1.1
9.1.2
9.2.2
9.2.3
9.2.4
9.2.5
9.2.6
9.3.1
9.4.1
9.4.2
9.4.3
9.4.4
9.4.5
10. Cryptography
10.1.1
10.1.2
11.1.1
11.1.2
11.1.3
11.1.4
11.1.5
11.1.6
11.2 Equipment
11.2.1
11.2.2
11.2.3
11.2.4
11.2.5
11.2.6
11.2.7
11.2.8
11.2.9
12.1.1
12.1.2
12.1.3
12.1.4
12.2.1
12.3 Backup
12.3.1
12.4.1
12.4.2
12.4.3
12.4.4
12.5.1
12.6.1
12.6.2
12.7.1
13.1.1
13.1.2
13.1.3
13.2.1
13.2.2
13.2.3
13.2.4
14.1.1
14.1.2
14.1.3
14.2.1
14.2.2
14.2.3
14.2.4
14.2.5
14.2.6
14.2.7
14.2.8
14.2.9
14.3.1
15.1.1
15.1.2
15.1.3
15.2.1
15.2.2
16.1.1
16.1.2
16.1.3
16.1.4
16.1.5
16.1.6
16.1.7
17.1.1
17.1.2
17.1.3
17.1 Redundancies
17.1.4
18. Compliance
18.1.1
18.1.2
18.1.3
18.1.4
18.1.5
18.2.1
18.2.2
18.2.3
STATEMENT OF APPLICABILITY - ISO 27002:2013
DOMAIN
Source for Re
Applicability
CONTROL OBJECTIVE
(YES / NO)
RA
Information security policies
Internal Organization
Segregation of duties
Teleworking
Human resource security
Prior to Employment
Screening
During Employment
Management responsibilities
Disciplinary process
Asset management
Inventory of assets
Ownership of assets
Return of assets
Information classification
Classification of information
Labelling of information
Handling of assets
Media Handling
Disposal of media
Access control
User Responsibilities
Cryptography
Cryptographic controls
Key management
Physical and environmental security
Secure Areas
Equipment
Supporting utilities
Cabling security
Equipment maintenance
Removal of assets
Operations security
Change management
Capacity management
Backup
Information backup
Event logging
Protection of log information
Clock synchronization
Communications security
Network controls
Segregation in networks
Information transfer
Electronic messaging
Outsourced development
Test data
Supplier relationships
Collection of evidence
Redundancies
Compliance
Protection of records