Low
Encrypted connections
All data in transit is transferred over encrypted connections, using the encrypted versions of protocols or encapsulation of plaintext protocols over encrypted connections.
Backup procedure
For every system a documented backup procedure is available with values for the RPO (Recovery Point Objective, maximum tolerable amount of data that can be lost) and RTO (Recovery Time...
Supplier Security Management
Before engaging in an agreement with a supplier of an IT-service, an information security risk assessment is performed. Contractual agreements regarding information security are made with suppliers of IT-services. Suppliers...
Patch management
Available patches and/or security fixes are installed in compliance with set and approved policies (including those for operating systems, databases and installed applications) and recommendations of CERT and/or suppliers.
Asset registration
The assets making up a system that are under control of the organisation are registered and tracked in the CMDB. System owners periodically check that the information in the CMDB...
Asset inventory
Organisations maintain an accurate and up-to-date registry of organisational hardware and software assets in a Configuration Management Database (CMDB).
Governance of Processes and Systems
The Information Systems and Processes are identified and registered. Each System and Process has an owner within the organisation. The owner is responsible for compliance with the organisational information security...
Acceptable use policy
End users are actively informed on the organisational policies regarding acceptable use of assets. Organisationally offered IT assets and services must be used for professional purposes, the usage of free/private...