ISO 27001 Controls

Note

Controls not covered below are controls that Compliant Kubernetes cannot fulfil on its own; they remain your responsibility. These include requirements such as:

  • Your management team needs to regularly perform risk analyses.
  • You need to do background checks when recruiting.
  • You need to activate multi-factor authentication in your Identity Provider.
  • You need to have a policy on how to safely use USB sticks.
  • Requirements which fall under the scope of the application.

Click on the links below to navigate the documentation by control.

ISO 27001 A.9.4.1 Information Access Restriction

ISO 27001 A.9.4.4 Use of Privileged Utility Programmes

ISO 27001 A.10.1.2 Key Management

ISO 27001 A.12.1.2 Change Management

ISO 27001 A.12.1.3 Capacity Management

ISO 27001 A.12.1.4 Separation of Development, Testing & Operational Environments

ISO 27001 A.12.2.1 Controls Against Malware

ISO 27001 A.12.3.1 Information Backup

ISO 27001 A.12.4.1 Event Logging

ISO 27001 A.12.4.3 Administrator & Operator Logs

ISO 27001 A.12.4.4 Clock Synchronization

ISO 27001 A.12.6.1 Management of Technical Vulnerabilities

ISO 27001 A.13 Network Security

ISO 27001 A.13.1 Network Security

ISO 27001 A.14.1.1 Information Security Requirements Analysis & Specification

ISO 27001 A.14.2.2 System Change Control Procedures

ISO 27001 A.14.2.4 Restrictions on Changes to Software Packages

ISO 27001 A.14.2.5 Secure System Engineering Principles

ISO 27001 A.14.2.9 System Acceptance Testing

ISO 27001 A.15 Supplier Relationships

ISO 27001 A.16 Information Security Incident Management

ISO 27001 A.17.1.1 Planning Information Security Continuity

ISO 27001 A.17.1.3 Verify, Review & Evaluate Information Security Continuity

ISO 27001 A.18.1.2 Intellectual Property Rights

ISO 27001 A.18.2.2 Compliance with Security Policies & Standards

ISO 27001 A.18.2.3 Technical Compliance Review