ISO 27001 Mapping Area and Departments Checklist

This checklist is applicable to ISO 27001/17799 Information Security Management System implementation guidelines.
- Implement procedures and standards for formal incident reporting and for the incident response actions to be taken on receipt of an incident report.
- Implement standards and procedures to ensure that users are aware of the requirement to note and report all observed or suspected security weaknesses in or threats to systems or services.
- Implement standards and user training to ensure that users note and report to the proper location any software that does not function correctly.
- Implement standards and procedures to identify incident management responsibilities and to ensure a quick, effective, orderly response to security incidents.
- Implement standards to ensure that capacity requirements are monitored, and future requirements projected, to reduce the risk of system overload.
- Implement standards and user training to ensure that virus detection and prevention measures are adequate.
- Implement procedures for logging faults reported by users regarding problems with computer or communications systems.
- Implement appropriate standards to ensure the security of data in networks and the protection of connected services from unauthorized access.
- Implement standards to ensure that audit trails record exceptions and other security-relevant events, and that they are retained to assist in future investigations and in access control monitoring.
- Implement procedures for monitoring system use to ensure that users are only performing processes that have been explicitly authorized.
- Implement standards to ensure computer or communications device clocks are correct and in synchronization.
- Implement standards for automatic terminal identification to authenticate connections to specific locations.