How to fulfill the requirement

Julkri: TL IV-I

TEK-18: Remote access

Personnel guidelines for safe processing of personal and confidential data
Theme: Privacy
Policy: Processing principles and accountability

This task also fulfills these other security requirements:

29. Processing under the authority of the controller or processor (GDPR)
7.2.2: Information security awareness, education and training (ISO27 Full)
18.1.4: Privacy and protection of personally identifiable information (ISO27 Full)
12.1.1: Documented operating procedures (ISO27 Full)
11.2.8: Unattended user equipment (ISO27 Full)

1. Task description

The Data Protection Officer (or other responsible person) has drawn up operating instructions for personnel handling personal data. In addition, the Data Protection Officer is ready to advise the controller, personal data processing partners or their own staff on compliance with GDPR or other data protection requirements.

Personnel guidelines for safe data system and authentication info usage
Theme: System management
Policy: Data system management

This task also fulfills these other security requirements:

32. Security of processing (GDPR)
29. Processing under the authority of the controller or processor (GDPR)
8.1.3: Acceptable use of assets (ISO27 Full)
12.1.1: Documented operating procedures (ISO27 Full)
9.1.1: Access control policy (ISO27 Full)

1. Task description

The organization should have defined guidelines for the generally acceptable use of data systems and for the management of the necessary credentials.

In addition, the owners of data systems classified as 'High' or 'Critical' priority can define, document, and implement more specific guidelines for the use of that particular data system. These guidelines can describe e.g. security requirements related to the data contained in the system.

Personnel guidelines for secure remote work
Theme: Remote work and mobile devices
Policy: Remote work

This task also fulfills these other security requirements:

7.2.2: Information security awareness, education and training (ISO27 Full)
6.2.2: Teleworking (ISO27 Full)
6.6.4: Security of physical premises, devices and printouts (Self-monitoring)
PR.AC-3: Remote access management (NIST)
FYY-04: Storage of information (Julkri)

1. Task description

Remote workers have their own operating guidelines, which are monitored. In addition, regular training is provided to staff to identify threats to information security arising from the use of mobile devices and remote work, and to review the guidelines.

Defining and documenting accepted authentication methods
Theme: System management
Policy: Access control and authentication

This task also fulfills these other security requirements:

I07: Identification of actors in the data processing environment (Katakri)
9.1.1: Access control policy (ISO27 Full)
9.2.4: Management of secret authentication information of users (ISO27 Full)
9.4.2: Secure log-on procedures (ISO27 Full)
6.6.2: Access rights management and authentication to systems (Self-monitoring)

1. Task description

The organization has predefined authentication methods that employees should prefer when using data systems.

When using cloud services, users can often freely decide how they authenticate with the service. A single centralized authentication account (such as a Google or Microsoft 365 account) can help close a large number of access rights at once, because closing the main user account that acts as the authentication method closes the access that depends on it.