The Systems Management Policy outlines the security requirements for the management of the Company’s IT networks and Information Systems and for the integrity of related business processes.
All IT networks and Information Systems are subject to this policy, including those that contain Client Confidential Information, as defined in the ISMS Scope Statement.
CONTENT
1. OVERVIEW
1.1 PROCEDURE OWNER
1.2 CLASSIFICATION
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.5 OBJECTIVES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
3. SECURITY REQUIREMENTS
3.1 SECURITY REQUIREMENTS
4. CRYPTOGRAPHIC CONTROLS
4.1 USING CRYPTOGRAPHIC CONTROLS
4.2 KEY MANAGEMENT
5. SECURITY REQUIREMENTS OF INFORMATION SYSTEMS
5.1 SECURITY REQUIREMENTS OF INFORMATION SYSTEMS
6. SECURITY IN DEVELOPMENT AND SUPPORT PROCESSES
6.1 SECURITY OF SOFTWARE AND TEST DATA
6.2 SYSTEM DOCUMENTATION
6.3 SECURE DEVELOPMENT POLICY
6.4 SYSTEM CHANGE CONTROL PROCEDURE
6.5 TECHNICAL REVIEW OF APPLICATIONS AFTER OPERATING PLATFORM CHANGES
6.6 RESTRICTIONS ON CHANGES TO SOFTWARE PACKAGES
6.7 SECURE SYSTEM ENGINEERING PRINCIPLES
6.8 SECURE DEVELOPMENT ENVIRONMENT
6.9 SYSTEM MONITORING AND INFORMATION LEAKAGE
6.10 OUTSOURCED DEVELOPMENT
6.11 SYSTEM SECURITY TESTING
6.12 SYSTEM ACCEPTANCE TESTING
7. APPLICATION DEVELOPMENT
7.1 INPUT DATA VALIDATION
7.2 CONTROL OF INTERNAL PROCESSING
7.3 MESSAGE INTEGRITY
7.4 OUTPUT DATA VALIDATION
8. OPERATIONAL PROCEDURES AND RESPONSIBILITIES
8.1 DOCUMENTED OPERATING PROCEDURES
8.2 SEGREGATION OF DUTIES
8.3 CAPACITY MANAGEMENT
8.4 SEPARATION OF DEVELOPMENT, TESTING AND OPERATIONAL ENVIRONMENTS
9. PROTECTION AGAINST MALICIOUS CODE
10. VULNERABILITY MANAGEMENT
10.1 MANAGEMENT OF TECHNICAL VULNERABILITIES
10.2 PATCH MANAGEMENT
10.3 RESTRICTIONS ON SOFTWARE INSTALLATION
11. NETWORK SECURITY MANAGEMENT
11.1 NETWORK CONTROLS
11.2 SECURITY OF NETWORK SERVICES
11.3 SEGREGATION IN NETWORKS
12. LOGGING AND MONITORING
12.1 EVENT LOGGING
12.2 MONITORING SYSTEM USE
12.3 PROTECTION OF LOG INFORMATION
12.4 ADMINISTRATOR AND OPERATOR LOGS
12.5 FAULT LOGGING
12.6 CLOCK SYNCHRONIZATION
13. CLOUD SECURITY
13.1 GENERAL REQUIREMENTS
14. PRIVACY BY DESIGN (PBD)
14.1 DATA MINIMIZATION, PSEUDONYMIZATION AND ANONYMIZATION
14.2 DATA SUBJECT RIGHTS
15. EXCEPTIONS
16. FINAL CONSIDERATIONS
16.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
16.2 DOCUMENT REVISION
Pages: 20
An adequate Capacity Management Policy must be defined and implemented at the Company so that the performance of existing or future Company systems can be monitored correctly, their future evolution forecast, and possible bottlenecks identified.
The Cryptographic Control Policy sets out the general principles the Company accepts for the use of cryptography. This policy applies to all employees and partners and to all electronic transactions in which one or more of the abovementioned parties are involved. The Company will select appropriate cryptographic controls based on a risk assessment.