Yes
No
In Progress
1. Inventory of assets
Is there a maintained inventory or register of the important assets associated with each
a.
information system?
Information classification
1. Classification guidelines
Is there an Information classification scheme or guideline in place; which will assist in
a.
determining how the information is to be handled and protected?
2. Information labeling and handling
Is there an appropriate set of procedures defined for information labeling and handling in
a.
accordance with the classification scheme adopted by the organization?
Personnel security
Security in job definition and Resourcing
1. Including security in job responsibilities
Are security roles and responsibilities as laid in Organization=s information security policy
a.
documented where appropriate?
Does this include general responsibilities for implementing or maintaining security policy
as well as specific responsibilities for protection of particular assets, or for extension of
particular security processes or activities?
2. Confidentiality agreements
Do employees sign Confidentiality or non-disclosure agreements as a part of their initial
a.
terms and conditions of the employment and annually thereafter?
b.
Does this agreement cover the security of the information processing facility and
organization assets?
3. Terms and conditions of employment
Do the terms and conditions of the employment cover the employee=s responsibility for
a.