| 8.2 & 8.3 & A.18.2 |
Risk management |
| A.5 |
Documentation |
| A.6 |
Information Security |
| A.6.1.4 & A.7.2 |
Awareness, Training, and Reminders |
| A.6.2 |
Mobile devices and teleworking |
| A.7 |
Human resource security |
| A.7.2.3 |
Disciplinary process |
| A.8.1 |
Asset Management |
| A.8.2 |
Information classification |
| A.8.3 |
Media handling |
| A.9 |
Access control |
| A.9.4.5 & A.12.x & A.14.x & A.17.2 & A.18.1.2 |
Software development and operations |
| A.10.1 |
Cryptography |
| A.11.1 |
Secure areas |
| A.11.2 |
Workstation |
| A.12.2 |
Malware Protection |
| A.12.3 |
Backup |
| A.12.4 |
Logging and monitoring |
| A.13.1 |
Network Security Management |
| A.13.2.4 & A.15.1 & A.15.2 |
Suppliers |
| A.16.1 |
Information security incidents |
| A.17.1 |
Continuity |
| A.18.1 |
Compliance |
| A.18.1.4 |
Information Privacy |