| ID | Title / Description | Rel. | Rationale for exclusion | BM | RB | WR | CV | Status |
|---|---|---|---|---|---|---|---|---|
| 5.01 | Policies for information security | ✓ | ✓ | ✓ | Partial | |||
| 5.02 | Information security roles and responsibilities | ✓ | ✓ | Complete | ||||
| 5.03 | Segregation of duties | ✓ | ✓ | ✓ | Complete | |||
| 5.04 | Management responsibilities | ✓ | ✓ | Complete | ||||
| 5.05 | Contact with authorities | ✓ | ✓ | ✓ | Partial | |||
| 5.06 | Contact with special interest groups | ✓ | ✓ | Complete | ||||
| 5.07 | Threat intelligence | ✓ | ✓ | ✓ | Complete | |||
| 5.08 | Information security in project management | ✓ | ✓ | ✓ | Complete | |||
| 5.09 | Inventory of information and other associated assets | ✓ | ✓ | Complete | ||||
| 5.10 | Acceptable use of information and other associated assets | ✓ | ✓ | Complete | ||||
| 5.11 | Return of assets | ✓ | ✓ | Complete | ||||
| 5.12 | Classification of information | ✓ | ✓ | ✓ | Partial | |||
| 5.13 | Labelling of information | ✓ | ✓ | Partial | ||||
| 5.14 | Information transfer | ✓ | ✓ | ✓ | Complete | |||
| 5.15 | Access control | ✓ | ✓ | ✓ | Complete | |||
| 5.16 | Identity management | ✓ | ✓ | ✓ | Complete | |||
| 5.17 | Authentication information | ✓ | ✓ | ✓ | Complete | |||
| 5.18 | Access rights | ✓ | ✓ | ✓ | ✓ | Complete | ||
| 5.19 | Information security in supplier relationships | ✓ | ✓ | ✓ | Partial | |||
| 5.20 | Addressing information security within supplier agreements | ✓ | ✓ | ✓ | ✓ | Complete | ||
| 5.21 | Managing information security in the ICT supply chain | ✓ | ✓ | ✓ | ✓ | Complete | ||
| 5.22 | Monitoring, review and change management of supplier services | ✓ | ✓ | ✓ | Complete | |||
| 5.23 | Information security for use of cloud services | ✓ | ✓ | ✓ | ✓ | Complete | ||
| 5.24 | Information security incident management planning and preparation | ✓ | ✓ | ✓ | ✓ | Partial | ||
| 5.25 | Assessment and decision on information security events | ✓ | ✓ | ✓ | Complete | |||
| 5.26 | Response to information security incidents | ✓ | ✓ | ✓ | ✓ | Complete | ||
| 5.27 | Learning from information security incidents | ✓ | ✓ | ✓ | Complete | |||
| 5.28 | Collection of evidence | ✓ | ✓ | ✓ | Complete | |||
| 5.29 | Information security during disruption | ✓ | ✓ | ✓ | ✓ | Partial | ||
| 5.30 | ICT readiness for business continuity | ✓ | ✓ | ✓ | ✓ | Partial | ||
| 5.31 | Legal, statutory, regulatory and contractual requirements | ✓ | ✓ | Complete | ||||
| 5.32 | Intellectual property rights | ✓ | ✓ | ✓ | Partial | |||
| 5.33 | Protection of records | ✓ | ✓ | ✓ | Complete | |||
| 5.34 | Privacy and protection of PII | ✓ | ✓ | ✓ | ✓ | Complete | ||
| 5.35 | Independent review of information security | ✓ | ✓ | Complete | ||||
| 5.36 | Compliance with policies, rules and standards for information security | ✓ | ✓ | ✓ | Complete | |||
| 5.37 | Documented operating procedures | ✓ | ✓ | Partial | ||||
| ID | Title / Description | Rel. | Rationale for exclusion | BM | RB | WR | CV | Status |
|---|---|---|---|---|---|---|---|---|
| 6.01 | Screening | ✓ | ✓ | ✓ | Complete | |||
| 6.02 | Terms and conditions of employment | ✓ | ✓ | ✓ | Complete | |||
| 6.03 | Information security awareness, education and training | ✓ | ✓ | ✓ | Complete | |||
| 6.04 | Disciplinary process | ✓ | ✓ | Complete | ||||
| 6.05 | Responsibilities after termination or change of employment | ✓ | ✓ | Complete | ||||
| 6.06 | Confidentiality or non-disclosure agreements | ✓ | ✓ | ✓ | Complete | |||
| 6.07 | Remote working | ✓ | ✓ | ✓ | Complete | |||
| 6.08 | Information security event reporting | ✓ | ✓ | ✓ | Complete | |||
| ID | Title / Description | Rel. | Rationale for exclusion | BM | RB | WR | CV | Status |
|---|---|---|---|---|---|---|---|---|
| 7.01 | Physical security perimeters | ✓ | ✓ | Complete | ||||
| 7.02 | Physical entry | ✓ | ✓ | Complete | ||||
| 7.03 | Securing offices, rooms and facilities | ✓ | ✓ | Complete | ||||
| 7.04 | Physical security monitoring | ✓ | ✓ | ✓ | Partial | |||
| 7.05 | Protecting against physical and environmental threats | ✓ | ✓ | Complete | ||||
| 7.06 | Working in secure areas | ✓ | ✓ | Complete | ||||
| 7.07 | Clear desk and clear screen | ✓ | ✓ | Complete | ||||
| 7.08 | Equipment siting and protection | ✓ | ✓ | Complete | ||||
| 7.09 | Security of assets off-premises | ✓ | ✓ | ✓ | Complete | |||
| 7.10 | Storage media | ✓ | ✓ | ✓ | Complete | |||
| 7.11 | Supporting utilities | ✓ | ✓ | Complete | ||||
| 7.12 | Cabling security | ✓ | ✓ | Complete | ||||
| 7.13 | Equipment maintenance | ✓ | ✓ | Complete | ||||
| 7.14 | Secure disposal or re-use of equipment | ✓ | ✓ | ✓ | Complete | |||
| ID | Title / Description | Rel. | Rationale for exclusion | BM | RB | WR | CV | Status |
|---|---|---|---|---|---|---|---|---|
| 8.01 | User endpoint devices | ✓ | ✓ | ✓ | Complete | |||
| 8.02 | Privileged access rights | ✓ | ✓ | ✓ | Complete | |||
| 8.03 | Information access restriction | ✓ | ✓ | ✓ | ✓ | Complete | ||
| 8.04 | Access to source code | ✓ | ✓ | ✓ | Complete | |||
| 8.05 | Secure authentication | ✓ | ✓ | ✓ | Complete | |||
| 8.06 | Capacity management | ✓ | ✓ | ✓ | ✓ | Complete | ||
| 8.07 | Protection against malware | ✓ | ✓ | ✓ | Partial | |||
| 8.08 | Management of technical vulnerabilities | ✓ | ✓ | ✓ | Partial | |||
| 8.09 | Configuration management | ✓ | ✓ | ✓ | Partial | |||
| 8.10 | Information deletion | ✓ | ✓ | ✓ | Complete | |||
| 8.11 | Data masking | ✓ | ✓ | ✓ | ✓ | Complete | ||
| 8.12 | Data leakage prevention | ✓ | ✓ | ✓ | ✓ | Complete | ||
| 8.13 | Information backup | ✓ | ✓ | ✓ | ✓ | Partial | ||
| 8.14 | Redundancy of information processing facilities | ✓ | ✓ | ✓ | ✓ | Complete | ||
| 8.15 | Logging | ✓ | ✓ | ✓ | ✓ | Complete | ||
| 8.16 | Monitoring activities | ✓ | ✓ | ✓ | Partial | |||
| 8.17 | Clock synchronization | ✓ | ✓ | Complete | ||||
| 8.18 | Use of privileged utility programs | ✓ | ✓ | Complete | ||||
| 8.19 | Installation of software on operational systems | ✓ | ✓ | Complete | ||||
| 8.20 | Networks security | ✓ | ✓ | ✓ | Complete | |||
| 8.21 | Security of network services | ✓ | ✓ | ✓ | ✓ | Complete | ||
| 8.22 | Segregation of networks | ✓ | ✓ | ✓ | Complete | |||
| 8.23 | Web filtering | ✓ | ✓ | Complete | ||||
| 8.24 | Use of cryptography | ✓ | ✓ | ✓ | ✓ | Partial | ||
| 8.25 | Secure development life cycle | ✓ | ✓ | ✓ | Complete | |||
| 8.26 | Application security requirements | ✓ | ✓ | ✓ | Complete | |||
| 8.27 | Secure system architecture and engineering principles | ✓ | ✓ | ✓ | ✓ | Partial | ||
| 8.28 | Secure coding | ✓ | ✓ | ✓ | Complete | |||
| 8.29 | Security testing in development and acceptance | ✓ | ✓ | ✓ | Partial | |||
| 8.30 | Outsourced development | ✓ | ✓ | ✓ | Complete | |||
| 8.31 | Separation of development, test and production environments | ✓ | ✓ | ✓ | Complete | |||
| 8.32 | Change management | ✓ | ✓ | ✓ | Complete | |||
| 8.33 | Test information | ✓ | ✓ | ✓ | Complete | |||
| 8.34 | Protection of information systems during audit testing | ✓ | ✓ | Complete | ||||
| Status | Number of controls |
|---|---|
| Complete | 74 |
| Partial | 19 |
| N/A | 0 |
| Total Annex A | 93 |
The undersigned declares that this Statement of Applicability has been established on the basis of the risk assessment carried out in accordance with ISO 27001:2022 clause 6.1.3.