SEPT
Techstreet
In Partnership with Techstreet
Providing the standard information required for your job

Checklists for Data Security Standards

After selecting the SEPT product you want, click on BUY and the system will transfer you to the Techstreet store, which handles the fulfillment process for SEPT.

Checklist for Standard ISO/IEC 27001:2013-Information Security Requirements

ISO/IEC 27001:2013 gives requirements for organizational information security standards and information security management practices including the selection, implementation and management of controls taking into consideration the organization's information security risk environment(s). It is designed to be used by organizations that intend to:

1. select controls within the process of implementing an Information Security Management System based on ISO/IEC 27001;

2. implement commonly accepted information security controls;

3. develop their own information security management practices.

The requirements included in the ISO/IEC 27001:2013 standard are listed at a high level, with an annexed reference to ISO/IEC 27002:2013 as appropriate guidance to demonstrate conformance to ISO/IEC 27001:2013. If an organization is interested in testing its conformance to ISO/IEC 27001:2013, this checklist provides an analysis of the detail in the ISO/IEC 27001 standard. If the organization is only interested in the guidance in ISO/IEC 27002:2013, this checklist provides a list of all items suggested in Annex A of ISO/IEC 27001 that are derived from the ISO/IEC 27002 guidelines. These are addressed in detail in the Introduction to the checklist and in section 9.

Published By: Software Engineering Process Technology (SEPT)

Page Count: 110





Checklist for Standard ISO/IEC 27002:2013 - Information Security Code of Practice

ISO/IEC 27002:2013 gives guidelines for organizational information security standards and information security management practices including the selection, implementation and management of controls taking into consideration the organization's information security risk environment(s).

It is designed to be used by organizations that intend to:
  • select controls within the process of implementing an Information Security Management System based on ISO/IEC 27001;
  • implement commonly accepted information security controls;
  • develop their own information security management practices.

The updates included in the ISO/IEC 27002:2013 guidelines are listed at a high level in an annexed reference in ISO/IEC 27001:2013 as appropriate guidance to demonstrate conformance to ISO/IEC 27001:2013. If an organization is interested in testing its conformance to ISO/IEC 27001:2013, this checklist provides an analysis of the detail in the ISO/IEC 27002 guidelines that form a part of ISO/IEC 27001:2013.

Published By: Software Engineering Process Technology (SEPT)

Page Count: 621





Checklist for Standard ISO/IEC 27018:2014 - Information Security, Protection of Personally Identifiable Information (PII)

Description / Abstract:

Overview of the base standard ISO/IEC 27018:2014

ISO/IEC 27018 establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.

ISO/IEC 27018 specifies guidelines based on ISO/IEC 27002, taking into consideration the regulatory requirements for the protection of PII which might be applicable within the context of the information security risk environment(s) of a provider of public cloud services.

ISO/IEC 27018 is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations, which provide information processing services as PII processors via cloud computing under contract to other organizations.

The guidelines in ISO/IEC 27018 might also be relevant to organizations acting as PII controllers; however, PII controllers can be subject to additional PII protection legislation, regulations and obligations that do not apply to PII processors. ISO/IEC 27018 is not intended to cover such additional obligations.

Annex A to ISO/IEC 27018:2014 specifies new controls and associated implementation guidance which, in combination with the augmented controls and guidance in ISO/IEC 27002, make up an extended control set to meet the requirements for PII protection which apply to public cloud service providers acting as PII processors. These additional controls are classified according to the 11 privacy principles of ISO/IEC 29100.

Purpose of this standard

More companies are moving to the cloud each day. The "cloud" offers organizations a variety of benefits: cost savings, flexibility and mobile access to information. However, it also raises concerns about data protection and privacy, particularly around personally identifiable information (PII). PII includes any piece of information that can identify a specific user. The more obvious examples include names and contact details or your mother's maiden name. The cloud processor also carries high risk. Security must be extremely high, especially if a subcontractor is doing part of the work. If this data is compromised, it could cost a company customers, money and reputation.

Published By: Software Engineering Process Technology (SEPT)

Page Count: 101