IT Information
4) question / requirement
1.3.2 To what extent are information assets classified and managed in terms
of their protection needs?
2.1.1 To what extent is the suitability of employees for sensitive work fields
ensured?
Information classification ❒
Up-to-date and periodically reviewed procedure for identifying, analyzing and evaluating risk
in the ISMS.
Evidence of the competence of the staff involved in the management of the ISMS.
☒ security zones map (area / buildings / rooms / parking and parking for test or prototype
cars) based on the risk analysis for the location,
☒ adequate protection measures: rules for granting / withdrawing access rights, behavior in
zones, bringing in and using portable IT mobile devices,
☒ people who are in individual security zones are aware of the rules for use and behavior.
Documented in the form of an up-to-date and periodically reviewed internal regulation of the
company on the management of access rights, access control, applicable rules, the method of
requesting, processing and approving access rights, roles and responsibilities in this process.
Documents confirming the cyclical nature of the process together with the results of the last
completed access rights review for regular, privileged and technical accounts.