Content library
Julkri: TL IV-I
HAL-19: Tietojen käsittely

How to fill the requirement

Julkri: TL IV-I

HAL-19: Tietojen käsittely

Task name
Priority
Status
Theme
Policy
Other requirements
Personnel guidelines for safe data system and authentication info usage
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
System management
Data system management
requirements

Task is fulfilling also these other security requirements

32. Security of processing
GDPR
29. Processing under the authority of the controller or processor
GDPR
8.1.3: Acceptable use of assets
ISO27 Full
12.1.1: Documented operating procedures
ISO27 Full
9.1.1: Access control policy
ISO27 Full
1. Task description

The organization should have defined guidelines for the generally acceptable use of data systems and for the management of the necessary credentials.

In addition, the owners of data systems classified as 'High' or 'Critical' priority can define, document, and implement more specific guidelines for the use of that particular data system. These guidelines can describe e.g. security requirements related to the data contained in the system.

Personnel guidelines for safe disposal of paper data
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Physical security
Non-electronic data and copies
requirements

Task is fulfilling also these other security requirements

I17: Salassa pidettävien tietojen jäljentäminen - Tulostus ja kopiointi
Katakri
8.3.2: Disposal of media
ISO27 Full
6.6.4: Fyysisten tilojen, laitteiden ja tulosteiden turvallisuus
Self-monitoring
A.11.7: Secure disposal of hardcopy materials
ISO 27018
PR.DS-3: Asset management
NIST
1. Task description

Papers containing sensitive information should be disposed of in an agreed manner, for example, using a shredder or by incineration.

Endpoint security management system
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Remote work and mobile devices
Mobile device management
requirements

Task is fulfilling also these other security requirements

13.1.1: Network controls
ISO27 Full
6.2.1: Mobile device policy
ISO27 Full
PR.PT-4: Communications and control networks
NIST
HAL-19: Tietojen käsittely
Julkri
8.1: User endpoint devices
ISO27k1 Full
1. Task description

Endpoint security management system can be used to demand the desired security criteria from the devices before they are allowed to connect to the network resources. Devices can be laptops, smartphones, tablets or industry-specific hardware.

Criteria for the use of network resources may include e.g. approved operating system, VPN and antivirus systems, and the timeliness of these updates.

No items found.