Communications and Operations Management
This section covers security aspects of IT systems and network operations activities. It contains the following sub-sections:

8.1 Operational procedures and responsibilities - operating procedures should be documented. Changes to IT facilities and systems should be controlled. Responsibilities and procedures should be established for incident management and recovery. Segregation of duties should be applied. Development and operational facilities should be segregated. Security requirements should be taken into account in third-party facilities management.

8.2 System planning and acceptance - covers IT capacity planning and production data, system information etc. Disposal of backup media, documents, voice and other recordings, test data etc. should be logged and controlled. Procedures should be defined for securely handling, transporting and storing backup media and system documentation.

8.7 Exchanges of information and software - information and software exchanges between organizations should be controlled, for example through escrow agreements, e-commerce security, email security and voice/fax/video security. Information exchanges should also comply with applicable legislation. Electronic office systems and publicly accessible systems should be secured.
