2. Contents
A.18.1
A.18.1.1 – A.18.1.5
A.18.2
A.18.2.1 – A.18.2.3
References
Application Development Company India http://www.ifourtechnolab.com
3. A.18.1
This control is about compliance with legal and contractual requirements.
Control objective:
To avoid breaches of legal, statutory, regulatory or contractual obligations related to information security and of any security requirements.
The organization has to follow legal and contractual requirements; otherwise a non-conformity can be raised against that organization.
4. A.18.1.1
This control explains identification of applicable legislation and contractual requirements.
Control objective:
All relevant legislative, statutory, regulatory, contractual requirements and the organization’s approach to meet these requirements shall be explicitly identified, documented and kept up to date for each information system and the organization.
5. A.18.1.2 : Intellectual property rights
This control covers all intellectual property rights, such as copyright and patents, to avoid unauthorized access to the organization's intellectual property.
Control Objective:
Appropriate procedures shall be implemented to ensure compliance with legislative,
regulatory and contractual requirements related to intellectual property rights and use of
proprietary software products.
6. A.18.1.3 : Protection of records
Control A.18.1.3 explains how records should be protected after any natural disaster such as an earthquake or fire, or after any loss.
The organization should take safety measures for business continuity and disaster recovery.
Control objective:
Records shall be protected from loss, destruction, falsification, unauthorized access and unauthorized release, in accordance with legislatory, contractual and business requirements.
7. A.18.1.4 and A.18.1.5
Control A.18.1.4 : Privacy and protection of personally identifiable information
Objective of A.18.1.4:
Privacy and protection of personally identifiable information shall be ensured as
required in relevant legislation and regulation where applicable.
Control A.18.1.5 : Regulation of cryptographic controls
Objective of A.18.1.5:
Cryptographic controls shall be used in compliance with all relevant agreements,
legislation and regulations.
8. A.18.2 : Information security reviews
Control Objective:
To ensure that information security is implemented and operated in accordance with
the organizational policies and procedures.
Organizational policies and procedures are reviewed by an auditor.
If these policies are not compliant, the auditor will give a non-conformity or a suggestion.
9. A.18.2.1
This control is about independent review of information security.
Control objective:
The organization’s approach to managing information security and its implementation shall be reviewed independently at planned intervals or when significant changes occur.
Implementation of information security:
Control objectives
Controls
Policies
Processes
Procedures
10. A.18.2.2 and A.18.2.3
A.18.2.2 : Compliance with security policies and standards
Control objective:
Managers shall regularly review the compliance of information processing and procedures within their area of responsibility with the appropriate security policies, standards and any other security requirements.
A.18.2.3 : Technical compliance review
Control objective:
Information systems shall be regularly reviewed for compliance with the organization’s information security policies and standards.
12. iFour Consultancy Services
Visit these websites for more details:
http://www.ifour-consultancy.com
http://www.ifourtechnolab.com
THANK YOU!!!