Control a.18 compliance - by software outsourcing company in India

iFour Consultancy Control A.18 : Compliance


Application Development Company India - http://www.ifourtechnolab.com

Contents

A.18.1

A.18.1.1 to A.18.1.5

A.18.2

A.18.2.1 to A.18.2.3

References


A.18.1

This control is about compliance with legal and contractual requirements.

Control objective: To avoid breaches of legal, statutory, regulatory or contractual obligations related to information security and of any security requirements.

The organization has to follow legal and contractual requirements; otherwise a non-conformity can be given to that organization.


A.18.1.1

This control explains identification of applicable legislation and contractual requirements.

Control objective: All relevant legislative, statutory, regulatory and contractual requirements and the organization's approach to meet these requirements shall be explicitly identified, documented and kept up to date for each information system and the organization.


A.18.1.2 : Intellectual property rights

This control is about all intellectual property rights, such as copyrights and patents, to avoid unauthorized access to the intellectual property of the organization.

Control objective: Appropriate procedures shall be implemented to ensure compliance with legislative, regulatory and contractual requirements related to intellectual property rights and use of proprietary software products.


A.18.1.3 : Protection of records

Control A.18.1.3 explains how records should be protected after any natural disaster such as an earthquake or fire, or any loss. The organization should take safety measures for business continuity and disaster recovery.

Control objective: Records shall be protected from loss, destruction, falsification, unauthorized access and unauthorized release, in accordance with legislatory, contractual and business requirements.


A.18.1.4 and A.18.1.5

Control A.18.1.4 : Privacy and protection of personally identifiable information

Objective of A.18.1.4: Privacy and protection of personally identifiable information shall be ensured as required in relevant legislation and regulation where applicable.

Control A.18.1.5 : Regulation of cryptographic controls

Objective of A.18.1.5: Cryptographic controls shall be used in compliance with all relevant agreements, legislation and regulations.


A.18.2 : Information security reviews

Control objective: To ensure that information security is implemented and operated in accordance with the organizational policies and procedures.

Organizational policies and procedures are reviewed by an auditor. If these policies are not compliant, the auditor will give a non-conformity or a suggestion.


A.18.2.1

This control is about independent review of information security.

Control objective: The organization's approach to managing information security and its implementation shall be reviewed independently at planned intervals or when significant changes occur.

Implementation of information security: control objectives, controls, policies, processes, procedures.


A.18.2.2 and A.18.2.3

A.18.2.2 : Compliance with security policies and standards

Control objective: Managers shall regularly review the compliance of information processing and procedures within their area of responsibility with the appropriate security policies, standards and any other security requirements.

A.18.2.3 : Technical compliance review

Control objective: Information systems shall be regularly reviewed for compliance with the organization's information security policies and standards.


References

http://www.slideshare.net/null0x00/iso-27001-2013-changes

http://www.bsigroup.com/LocalFiles/en-GB/iso-iec-27001/resources/BSI-ISO27001-transition-guide-UK-EN-pdf.pdf

https://en.wikipedia.org/wiki/ISO/IEC_27001:2013

http://www.iso27001security.com/html/27001.html
