Annex A.5

Question 1

A.5.1

Answer 1

Information Security policies

Question 2

A.5.2

Answer 2

Information Security roles and responsibilities

Question 3

A.5.3

Answer 3

Segregation of Duty

Question 4

A.5.4

Answer 4

Management responsibilities

Question 5

A.5.5

Answer 5

Contact with Government Authorities

Question 6

A.5.6

Answer 6

Contact with special interest groups

Question 7

A.5.7

Answer 7

Threat intelligence

Question 8

A.5.8

Answer 8

Information security in projects management

Question 9

A.5.9

Answer 9

Inventory of Information and other associated assets

Question 10

A.5.10

Answer 10

Acceptable use of information and other associated assets

Question 11

A.5.11

Answer 11

Return of assets

Question 12

A.5.12

Answer 12

Classification of Information

Question 13

A.5.13

Answer 13

Labelling of Information

Question 14

A.5.14

Answer 14

Information Transfer

Question 15

A.5.15

Answer 15

Access control

Question 16

A.5.16

Answer 16

Identity Management

Question 17

A.5.17

Answer 17

Authentication information

Question 18

A.5.18

Answer 18

Access rights

Question 19

A.5.19

Answer 19

Information Security in supplier relationship

Question 20

A.5.20

Answer 20

Addressing information security within supplier agreements

Question 21

A.5.21

Answer 21

Managing information security in the ICT supply chain

Question 22

A.5.22

Answer 22

Monitoring and review and change management of supplier service

Question 23

A.5.23

Answer 23

Information Security for use of cloud service

Question 24

A.5.24

Answer 24

Information Security incident management planning and preparation

Question 25

A.5.25

Answer 25

Information assessment and decision on information security event

Question 26

A.5.26

Answer 26

Response to information security incidents

Question 27

A.5.27

Answer 27

Learning from information security incidents

Question 28

A.5.28

Answer 28

Collection of evidence

Question 29

A.5.29

Answer 29

Information Security during disruption

Question 30

A.5.30

Answer 30

ICT readiness for Business continuity

Question 31

A.5.31

Answer 31

Legal, statutory, regulatory, and contractual requirements

Question 32

A.5.32

Answer 32

intellectual property rights

Question 33

A.5.33

Answer 33

Protection of Record

Question 34

A.5.34

Answer 34

Privacy and protection of PIi

Question 35

A.5.35

Answer 35

Independent review of information security

Question 36

A.5.36

Answer 36

Compliance with policies, rules, and standard for information security

Question 37

A.5.37

Answer 37

Documented operating procedures