ISO 17799 Self-Assessment Checklist 195
8.7 Exchanges of Information and Software
Exchanges of data and software between organizations should be controlled to
prevent loss, modification, or misuse of data.
8.7.1 Information and Software Exchange Agreements
Do formal agreements exist, including software escrow agreements when
appropriate, for exchanging data and software (whether electronically or
manually) between organizations?
Y ___ N ___
8.7.2 Security of Media in Transit
Are controls applied to safeguard computer media being transported between
sites to minimize its vulnerability to unauthorized access, misuse, or corruption
during transportation?
Y ___ N ___
8.7.3 Electronic Commerce Security
Are security controls applied where necessary to protect electronic commerce
(electronic data interchange, electronic mail, and online transactions across a
public network such as the Internet) against unauthorized interception or
modification?
Y ___ N ___
8.7.4 Security of Electronic Mail
Are controls applied where necessary to reduce the business and security risks
associated with electronic mail, to include interception, modification, and errors?
Y ___ N ___
8.7.5 Security of Electronic Office Systems
Do clear policies and guidelines exist to control business and security risks
associated with electronic office systems?
Y ___ N ___
8.7.6 Publicly Available Systems
Is there a formal authorization process before information is made publicly
available?
Y ___ N ___
8.7.7 Other Forms of Information Exchange
Are procedures and controls in place to protect the exchange of information
through the use of voice, facsimile, and video communications facilities?
Y ___ N ___
Score (number of questions answered Yes):
9 Access Control
9.1 Business Requirement for System Access
Policies for information dissemination and entitlement should control access to
computer services and data on the basis of business requirements.
9.1.1 Access Control Policy
Are business requirements defined and documented for access control?
Y ___ N ___