Basic

Organization

• Classification of information
• Information security policy for supplier relationships
• Inclusion of security aspects in supplier agreement
• Information and communication technology supply chain
• Information security for the use of cloud services
• Lessons learned from information security incidents
• Privacy and protection of personal data
• Documented operating procedures
• Threat intelligence and analysis
• Inventory of information and other related assets

Staff

• Terms of employment
• Confidentiality or non-disclosure agreement

Physically

• Security of cabling
• Safe disposal or reuse of equipment
• Physical access security
• Securing offices, spaces and facilities
• Monitoring physical security
• Protect against outside threats
• Working in secure areas
• Clear desk and clear screen policy
• Placement and protection of equipment
• Protection of equipment and assets off site

Technology

• Control of information stored or processed on workplaces and/or mobile devices.
• Erase information
• Preventing data leaks
• Backup of information
• Protecting operational systems through software installation procedures and measures
• Manage special access rights
• Restriction of access to information

Privacy

• Agreement with the customer
• Disclosure of subcontractors used for the processing of personal data
• Customer Obligations