
CIMSNex User Guides


A.7.11 Supporting Utilities would include:

Control A.7.11 of ISO/IEC 27001:2022 requires that information processing facilities be protected from power failures and other disruptions caused by failures in supporting utilities. Supporting utilities here are the physical services a site depends on (electricity, telecommunications, water supply, gas, sewage, ventilation and air conditioning), not software tools. Evidence for this control would include:

  1. Inventory of Supporting Utilities: Documentation of the utilities each facility depends on (power feeds, telecommunications links, water, gas, HVAC), which information processing equipment each one supports, and the supplier of each.

  2. Conformance to Specifications and Legal Requirements: Evidence that utility equipment is installed, configured and operated in line with the equipment manufacturers' specifications and applicable legal requirements, and that changes to utility provision follow the organization's change management process.

  3. Capacity Appraisal: Records showing that the capacity of each utility is appraised regularly against current load and planned business growth, and that shortfalls are addressed.

  4. Inspection and Testing: Records of regular inspection and testing of utility equipment, including uninterruptible power supplies (UPS), standby generators, fuel supplies and air conditioning, and of the remediation of any faults found.

  5. Redundancy and Diverse Routing: Proof that critical utilities have backup provision, such as UPS and standby generators for power and multiple feeds with diverse physical routing for power and telecommunications, so that a single failure does not disrupt operations.

  6. Monitoring and Alarms: Records of alarm and monitoring arrangements that detect utility malfunctions (for example, loss of a power feed or temperature outside the permitted range) and of how alerts are responded to.

  7. Emergency Controls: Evidence that emergency power switches and utility shut-off valves are located near emergency exits or equipment rooms, and that emergency lighting and emergency communications are available, so that staff can act safely during a utility failure.

  8. Supplier Arrangements: Contracts and current contact details for utility suppliers, including agreed service levels and escalation routes for outages.

  9. Disaster Recovery and Business Continuity: Proof that disaster recovery and business continuity plans address the loss of power, telecommunications or cooling, and state how long information processing can continue on backup provision.

  10. Failover Exercises: Evidence that switching to backup provision (for example, UPS and generator load tests) is exercised periodically and that the results are reviewed and acted on.

By examining these pieces of evidence, an auditor can evaluate whether the organization has implemented appropriate controls to protect its information processing facilities against utility failures, minimizing the risk of outages and the resulting loss of availability of information.


A.7.10 Storage Media would include:

  1. Data Storage Policy: Documentation of a comprehensive data storage policy that outlines the rules and guidelines for storing data on various types of storage media, including physical and electronic storage devices.

  2. Secure Data Storage Facilities: Proof of secure storage facilities, such as data centers, server rooms, or physical filing cabinets, with controlled access, environmental controls, and appropriate security measures.

  3. Data Classification and Access Controls: Evidence of data classification practices and access controls that define who can access and modify data stored on different storage media based on the sensitivity and criticality of the information.

  4. Data Encryption: Records of data encryption practices, particularly for data stored on portable storage media like USB drives or external hard disks, to protect against unauthorized access in case of loss or theft.

  5. Media Handling Procedures: Documentation of procedures for the proper handling, transportation, and disposal of storage media to prevent data breaches or accidental exposure of sensitive information.

  6. Media Sanitization and Destruction: Evidence of procedures for securely sanitizing or destroying storage media that are no longer in use or have reached the end of their lifecycle, together with records (for example, certificates of destruction) showing which items were sanitized or destroyed, when, and by what method.

  7. Data Backup and Recovery: Proof of data backup and recovery mechanisms to ensure that critical information is regularly backed up and can be restored in case of data loss or hardware failure.

  8. Physical Security Controls: Documentation of physical security controls in place to protect storage media from unauthorized access, theft, or damage, such as locked cabinets, access control systems, and surveillance.

  9. Inventory Management: Records of inventory management practices to keep track of all storage media, including their location, status, and purpose.

  10. Compliance with Regulations: Assurance that the organization's storage media practices comply with relevant legal and regulatory requirements related to data protection and privacy.

  11. Employee Training and Awareness: Evidence of training and awareness programs provided to employees on data storage best practices and the importance of securely handling storage media.

By reviewing these pieces of evidence, an auditor can assess whether the organization has implemented appropriate measures to protect data stored on different storage media and mitigate the risks associated with data storage, ensuring the confidentiality, integrity, and availability of sensitive information.
