A.18.2.3: Technical Compliance Review
Perform regular reviews of information systems for compliance with the organization’s information security policies and standards.
A.18.2.2: Compliance with Security Policies and Standards
Ensure that managers regularly review the compliance of information processing and procedures within their area of responsibility with the appropriate security policies, standards, and any other security requirements.
A.18.2.1: Independent Review of Information Security
Conduct an independent review of the information security policy and its implementation at planned intervals or when significant changes occur.
A.18.1.5: Regulation of Cryptographic Controls
Ensure compliance with all relevant legislative, regulatory, and contractual requirements for the use of cryptographic controls.
A.18.1.4: Privacy and Protection of Personally Identifiable Information
Ensure compliance with relevant legislative, regulatory, and contractual requirements for privacy and the protection of personally identifiable information.
A.18.1.2: Intellectual Property Rights
Ensure compliance with all relevant legislative, regulatory, and contractual requirements for the use of intellectual property.
A.18.1.1: Identification of Applicable Legislation and Contractual Requirements
Identify and document the legislative, regulatory, and contractual requirements related to information security and the organization’s approach to meet these requirements.
A.13.2.4: Confidentiality or Non-Disclosure Agreements
Ensure that confidentiality or non-disclosure agreements reflect the organization’s needs for the protection of information.