This section includes the following sub-sections:

12.1 Compliance with legal requirements - the organization must comply with applicable legislation such as copyright, data protection, protection of financial data, cryptography restrictions, rules of evidence etc.

12.2 Reviews of security policy and technical compliance - managers and system owners must ensure compliance with security policies and standards, for example through regular reviews, penetration tests etc.

12.3 System audit considerations - audits should be carefully planned to minimize disruption to operational systems. Powerful audit tools/facilities must also be protected against unauthorized use.
