Organisation must maintain a listing of used data systems and their owners. Owner is responsible for completing the related documentation and possible other security actions directly related to the data system.
Data system documentation must include at least:
The organization maintains documentation of interfaces and other connections between data system and the data transmission methods used in the interfaces.
The documentation concerning the interfaces shall be reviewed regularly and after significant changes to data systems.