Get compliant with ISO:27001 – Annex A.13 and simplify compliance for your organisation.
Ensuring the safeguarding of information in networks and supporting information processing facilities.
An organisation’s network and information processing facilities must be ensured to shield and protect their information from any intrusions and interceptions. To do this, there needs to be an in-depth understanding about the network’s requirements, dangers, and assets. Both internal and external threats should be considered when developing a security policy.
The types of security structures, service levels and business requirements of all network services have to be identified and included when creating network service agreements. A risk assessment plan should also be developed in case of any threats to the network.
Making sure that there are separate systems in place for various types of users, information services, and information systems. This is to make sure that each service handles its own logistics. This can be achieved through different physical networks or via logical networks.
Ensuring that data sent and received from outside and around the company is safe and secure.
Creating policies to keep data safe when it travels within the network. There should be procedures in place for prevention of intercepting or altering information by third parties. Encryption techniques are required to keep information confidential.
Any company agreements with external parties should explicitly state that any data exchanged must be kept confidential. This should be done to protect both physical and digital copies of information, and in accordance with the agreement’s specific categorisation standards.
Information transferred via electronic messaging must be protected from cyber threats and should fit the policy criteria respective of its content type. Encryption and other security techniques should be used.
A digital confidentiality agreement must be signed before any information can be exchanged via any network. This is critical for data protection as it legally binds the parties involved.