Yes
No
In Progress
b.
Does the agreement address the security issues based on the sensitivity of the business
information involved?
2. Other forms of information exchange
a.
Are there are any policies, procedures or controls in place to protect the exchange of
information through the use of voice, facsimile and video communication facilities?
Access Control
Business Requirements for Access Control
1. Access Control Policy
a.
Have the business requirements for access control been defined and documented.
b.
Does the Access control policy address the rules and rights for each user or a group of users?
Are the users and service providers given a clear statement of the business requirement to
c.
be met by access controls?
Mobile computing and telecommuting
1. Mobile computing
a.
Has a formal policy been adopted that takes into account the risks of working with
computing facilities such as notebooks, palmpilots etc., especially in unprotected
environments?
b.
Was training arranged for staff that use mobile computing facilities to raise their awareness
on the additional risks resulting from this way of working and controls that need to be
implemented to mitigate the risks?
2. Telecommuting
a.
Are there any policies, procedures and/ or standards to control telecommuting activities, this
should be consistent with organization=s security policy?