ISO 27001 CONTROL | IMPLEMENTATION PHASES | TASKS | IN COMPLIANCE? | NOTES
5.1 Taxpayer Registration
5.1.1 Policies for Tax Payer Registration
4.6.6 - Assess the completeness of supporting documentation.
4.6.5 - Confirm the authenticity of invoices and receipts.
NO
NO
YES
UNKNOWN
YES
6 Financial Records
6.1.2 Segregation of duties | Segregation of duties defined?
6.1.3 Contact with authorities | Verification body / authority contacted for compliance verification?
6.1.5 Information security in project management | Evidence of information security in project management?
6.2
6.2.1 Mobile device policy | Defined policy for mobile devices?
9 Internal control
10 Risk Management
11.2 Equipment
11.2.8 Unattended user equipment | Defined policy for unattended user equipment?
12 Employee Training
NO
YES
UNKNOWN
YES
12.7.1 Information system audit control | Defined policy for information system audit control?
13 Communication security
13.2.4 Confidentiality or non-disclosure agreements | Defined policy for confidentiality or non-disclosure agreements?
NO
YES
UNKNOWN
YES
14.2.1 In-house development | Defined policy for in-house development?
15 Supplier relationships
18 Compliance
DISCLAIMER
Any articles, templates, or information provided by Smartsheet on the website are for reference only. While we strive
to keep the information up to date and correct, we make no representations or warranties of any kind, express or
implied, about the completeness, accuracy, reliability, suitability, or availability with respect to the website or the
information, articles, templates, or related graphics contained on the website. Any reliance you place on such
information is therefore strictly at your own risk.