ISO 17799 Self-Assessment Checklist 189
4.1.6 Cooperation between Organizations
Is there a liaison with external information security personnel and organizations,
including industry and government security specialists, law enforcement
authorities, IT service providers, telecommunications authorities?
Y ___ N ___
4.1.7 Independent Review of Information Security
Has an independent review of information security practices been conducted to
ensure feasibility, effectiveness, and compliance with written policies?
Y ___ N ___
4.2 Security of Third-Party Access The organizational IT facilities and information assets that control the access of nonorganizational third parties must be kept secure.
4.2.1 Identification of Risks from Third-Party Access
Have third-party connection risks been analyzed?
Y ___ N ___
Combating Risks from Third-Party Connections
Have specific security measures been identified to combat third-party connection risks?
Y ___ N ___
4.2.2 Security Conditions in Third-Party Contracts
Are security requirements included in formal third-party contracts?
Y ___ N ___
4.3 Outsourcing The security of information should be maintained even when the responsibility
for the processing has been outsourced to another organization.
4.3.1 Security Requirements in Outsourcing Contracts
Have the security requirements of the information owners been addressed in a
contract between the owners and the outsource organization?
Y ___ N ___
Score (number of questions answered Yes):
5 Asset Classification and Control
5.1 Accounting of Assets Appropriate accounting of organizational assets must be established.
5.1.1 Inventory of Assets Have inventories of major assets associated with each information system been created?
Y ___ N ___