ISO 27001

A.5.1 Policies for information security

Define, approve, publish and review a set of information security policies.

A.5.7 Threat intelligence

Collect and analyse information about information security threats to produce actionable intelligence.

A.5.9 Inventory of information and other associated assets

Maintain an inventory of information and associated assets, including owners.

A.5.15 Access control

Establish and implement rules to control physical and logical access to information based on business and security requirements.

A.5.16 Identity management

Manage the full lifecycle of identities used to access information and other associated assets.

A.5.24 Information security incident management planning and preparation

Plan and prepare for managing information security incidents by defining processes, roles and responsibilities.

A.5.26 Response to information security incidents

Respond to information security incidents in line with documented procedures.

A.8.8 Management of technical vulnerabilities

Obtain information about technical vulnerabilities, evaluate exposure and take appropriate remediation measures.

A.8.16 Monitoring activities

Monitor networks, systems and applications for anomalous behaviour and act on potential incidents.

A.8.24 Use of cryptography

Define and implement rules for the effective use of cryptography, including key management.

A.8.9 Configuration management

Establish, document, implement, monitor and review the configuration of hardware, software, services and networks.

A.8.13 Information backup

Maintain and regularly test backup copies of information, software and systems in line with the backup policy.

A.8.15 Logging

Produce, store, protect and analyse logs that record activities, exceptions, faults and other relevant events.