ISO 27001 Information Security Management System Checklist


Information Security Policy

  1. Whether an information security policy exists, is approved by management, and is published and communicated as appropriate to all employees.
  2. Whether the policy states management commitment and sets out the organizational approach to managing information security.
  3. Whether the information security policy is reviewed at planned intervals, or whenever significant changes occur, to ensure its continuing suitability, adequacy and effectiveness.
  4. Whether the information security policy has an owner who holds management-approved responsibility for the development, review and evaluation of the policy.

Internal Organization

  1. Whether management demonstrates active support for security measures within the organization, through clear direction, demonstrated commitment, and explicit assignment and acknowledgement of information security responsibilities.
  2. Whether information security activities are coordinated by representatives from different parts of the organization, each with relevant roles and responsibilities.
  3. Whether responsibilities for the protection of individual assets, and for carrying out specific security processes, are clearly identified and defined.
  4. Whether a management authorization process is defined and implemented for any new information processing facility within the organization.
  5. Whether the organization's requirements for confidentiality or non-disclosure agreements (NDAs) for the protection of information are clearly defined and regularly reviewed.

The detailed checklist can be downloaded from Sans.org.
 


Trackback URL for this post:

http://www.securityprocedure.com/trackback/115