Statement of Applicability

Columns: Sec | Control Objective/Control | Current controls | Remarks (with justification for exclusions) | Selected controls and reasons for selection (LR, CO, BR/BP, RRA) | Remarks (overview of implementation)

Control objectives and controls listed:
5.1     Management direction for information security
5.1.1   Policies for information security
5.1.2   Review of the policies for information security
7       Human resource security
9       Access control
14      System acquisition, development and maintenance
14.2.5  Secure system engineering principles
14.2.6  Secure development environment
14.2.7  Outsourced development
14.2.8  System security testing
14.2.9  System acceptance testing
14.3    Test data
14.3.1  Protection of test data
15      Supplier relationships
15.1    Information security in supplier relationships
15.1.1  Information security policy for supplier relationships
15.1.2  Addressing security within supplier agreements
15.1.3  Information and communication technology supply chain
15.2    Supplier service delivery management
15.2.1  Monitoring and review of supplier services
15.2.2  Managing changes to supplier services
16      Information security incident management
16.1    Management of information security incidents and improvements
17      Information security aspects of business continuity management
Chart: ISO 27001:2005 Annexure-A Controls Implementation Status by Classification in number and percentage
Status :- Process Implementation comply with ISO 27001:2005 standard and documented
Y-axis: In Percent (0 to 1)

Classification by reference ISO clauses (count and share of 118 clauses):
  Process is implemented and comply with standard and documented     16 (14%)
  Process is not in place / not implemented                          65 (55%)
  Process is not compliant and must be redesigned                    35 (30%)
  Process is not applicable                                           1 (1%)
  (one further data label of 1 (1%) belongs to this chart)
Classification by reference Annexure-A controls:
  Controls implemented, must be documented                           23
  Controls implemented not comply with standards, needs to redesign  49 (37%)
  Control not implemented & documented
  Controls not applicable

Implementation status table (rows as extracted; row labels not recovered):
  Count  Compliance %  Goal
  1      100%          100%
  5       17%          100%
  8       31%          100%
  0        0%          100%
  1        8%          100%
  0        0%          100%
  0        0%          100%
  0        0%          100%
  0        0%          100%
  0        0%          100%
  1       14%          100%
  0        0%          100%

Domain description                                                Count  Goal
5   Security Policy                                                  2   100%
6   Organization of information security                            11   100%
7   Asset Management                                                 5   100%
8   Human resources security                                         9   100%
9   Physical and environmental security                             13   100%
10  Communications and operations management                        32   100%
11  Access Control                                                  25   100%
12  Information systems acquisition, development and maintenance     5   100%
13  Information security incident management                         5   100%
14  Business continuity management                                   5   100%
15  Compliance                                                      11   100%

Chart: Compliance percentage by domain (series: Compliance %, Goal); x-axis: the eleven domains above; y-axis: 0 to 1.2

Department       No. of controls  Compliance %  Goal
Administration   16               38%           100.00%
CISO             34                3%           100.00%
Finance           3                0%           100.00%
HR                9               44%           100.00%
IT               52               15%           100.00%
S/W               7               57%           100.00%
Top Management    4                0%           100.00%
Training          1                0%           100.00%

Chart: Compliance % against Goal by department (series: Compliance %, Goal); y-axis: 0 to 1.2

Total: 118