Checklist for Standard ISO/IEC 27002:2013 - Information Security Code of Practice

ISO/IEC 27001:2013 gives requirements for organizational information security standards and information security management practices including the selection, implementation and management of controls taking into consideration the organization's information security risk environment(s).

It is designed to be used by organizations that intend to:

1. Select controls within the process of implementing an Information Security Management System based on ISO/IEC 27001
2. implement commonly accepted information security controls
3. develop their own information security management practices

The requirements included in the ISO/IEC 27001:2013 standard are listed at a high level with an Annexed reference to ISO 27002:2013 as appropriate guidance to demonstrate conformance to ISO/IEC 27001:2013. If an Organization is interested in testing their conformance to ISO/IEC 27001:2013 this checklist will provide an analysis of the detail in the ISO/IEC 27001 standard. However, if the organization is only interested in the guidance in ISO/IEC 27002:2013 this checklist provides a list of all items suggested in Annex A of ISO/IEC 27001 that are derived from the ISO/IEC 27002 guidelines. They are addressed in detail in the Introduction to the checklist and in section 9.

Customers of this product:

• ASTRONAUTICS CORPORATION OF AM
• BRIS, China
• DAIMLER AG
• Edpaudit, Nigeria
• HARGROVE ENGINEERS
• MED Institute, Inc.
• SIA, UK
• TPI, Aba Dubai
• UNICONNECT LC

Note: “International Standards (ISO) define the best of practices for Medical Device and Software firms in producing a quality product. This checklist that SEPT produces will ensure that all of the best of practices are adhered to.”