Free ebook: NIS2 ready using ISO 27001 best practices
Download ebook

Procedure for identifying software licensing requirements

Critical
High
Normal
Low

Installing commercially licensed software can cause a breach of the licence terms for the software. Organisation should have a procedure for identifying licensing requirements for before permitting any licensed software to be installed.

Particular attention should be paid to cases where the data system is elastic and scalable and can be run on more systems or processor cores than is permitted by the licence terms.

Connected other frameworks and requirements:
18.1.2: Intellectual property rights
ISO 27001
18: Compliance
ISO 27017
18.1: Compliance with legal and contractual requirements
ISO 27017
18.1.2: Intellectual property rights
ISO 27017
18.1.5: Regulation of cryptographic controls
ISO 27017

Using data loss prevention policies

Critical
High
Normal
Low

Data Loss Prevention (DLP) policies can be used to protect sensitive data from accidental or intentional disclosure. Policies can alert, for example, when they detect sensitive data (such as personal identification numbers or credit card numbers) in email or another data system to which they would not belong.

The organization defines DLP policies related to endpoints in a risk-based manner, taking into account the data classification of the processed data.

Connected other frameworks and requirements:
18.1.2: Intellectual property rights
ISO 27001
18.1.3: Protection of records
ISO 27001
5.33: Protection of records
ISO 27001
8.12: Data leakage prevention
ISO 27001

Use of a DLP-system

Critical
High
Normal
Low

The DLP system aims to prevent the loss or leakage of sensitive data. The system can be used to prevent unwanted actions by monitoring, detecting and preventing the processing of sensitive data without meeting the desired conditions. Blocking can be done during use (in-use, terminal operations), in motion (in-transit, network traffic) or in storage locations (at-rest).

Connected other frameworks and requirements:
18.1.2: Intellectual property rights
ISO 27001
18.1.3: Protection of records
ISO 27001
8.12: Data leakage prevention
ISO 27001
No items found.