The task of managing information security risk is entrusted to the security controls of Annex A of ISO 27001:2017; for some of these controls (shown in bold in the list), security procedures (PSI-XX) have also been developed and documented.

The risks associated with information security can lurk within both the primary processes and the support processes, and could lead to loss of confidentiality, loss of integrity or loss of availability of the information processed.

The treatment of information security risk involves the drafting of an Information Security Plan, which reports for each control:

  • The control number, referring to the corresponding point in Annex A
  • The control category
  • The control description
  • The method of application of the control
  • The person responsible for the effectiveness of the control

The security controls covering all the requirements of Annex A (Appendix A) of the ISO/IEC 27001:2017 standard are ordered in the standard according to the following numbering:

05 – Information security policy
06 – Organization of information security
07 – Security of human resources
08 – Asset management
09 – Access control
10 – Encryption
11 – Physical and environmental security
12 – Security of operational activities
13 – Communications security
14 – Acquisition, development and maintenance of systems
15 – Relations with suppliers
16 – Management of information security incidents
17 – Security in the management of business continuity
18 – Compliance

In the Information Security Plan of the 27001 procedures document kit, all the controls required by Annex A (Appendix A) of ISO/IEC 27001:2017 have been considered.