Evaluation process and documentation of significant security-related changes

In systematic cyber security work, the impact of significant changes must be assessed in advance and they must be executed in a controlled way. The consequences of unintentional changes must be assessed and efforts made to mitigate possible adverse effects.

Significant changes may include changes in the organization, operating environment, business processes and data systems. Such changes can be identified, for example, through management reviews and other cyber security work.

Related frameworks and requirements:
12.1.2: Change management (ISO 27001)
PR.IP-3: Configuration change control processes (NIST CSF)
8.32: Change management (ISO 27001)
9.3: Management review (ISO 27001)
1.4 (MIL1): Manage Changes to IT and OT Assets (C2M2)

Evaluating the efficiency, viability and needs for security systems

Security systems are the data systems that are in place primarily to protect the information we have rather than to process it.

We regularly evaluate the operation of different security systems and the need for new systems.

Related frameworks and requirements:
12.1.2: Change management (ISO 27001)