ISO 17799 Self-Assessment Checklist 203
12.1.2 Intellectual Property Rights
Is there compliance with legal restrictions on the use of copyright material,
ensuring that only software developed by the organization, or licensed or
provided by the developer to the organization, is used?
Y ___ N ___
12.1.3 Safeguarding of Organizational Records
Are important organizational records securely maintained to meet statutory
requirements, as well as to support essential business activities?
Y ___ N ___
12.1.4 Data Protection and Privacy of Personal Information
Do applications that process personal data about individuals comply with applicable
data protection legislation?
Y ___ N ___
12.1.5 Prevention of Misuse of Information Processing Facilities
Are IT facilities to be used only for business purposes?
Y ___ N ___
12.1.6 Regulation of Cryptographic Controls
Has legal advice been sought on the organization’s compliance with national and
international laws on cryptographic controls?
Y ___ N ___
12.1.7 Collection of Evidence
When an action against a person involves the law, have the rules for evidence
been followed for admissibility, quality, and completeness?
Y ___ N ___
12.2 Reviews of Security Policy and Technical Compliance
To ensure compliance of IT systems with organizational security policies and
standards, compliance reviews should be conducted regularly.
12.2.1 Compliance with Security Policy
Are all areas within the organization considered for regular review to ensure
compliance with security policies and standards?
Y ___ N ___
12.2.2 Technical Compliance Checking
Are IT facilities regularly checked for compliance with security implementation
standards?
Y ___ N ___
12.3 System Audit Considerations
There should be controls over operational systems and audit tools during system
audits to minimize interference to and from the system audit process, and to
protect the integrity and prevent the misuse of audit tools.