In Partnership with Techstreet
Checklists for Data Security Standards

After finding the SEPT product you want to purchase, click on BUY and the system will transfer you to the Techstreet store, which handles the fulfillment process for SEPT.

Checklist for Standard ISO/IEC 27001:2022 - Information Security Requirements

Authors: Andy Coster and Stan Magee

Page Count: 124

This Software Engineering Process Technology (SEPT) checklist enables an organization to have the confidence that it has created all of the 371 artifacts required by the ISO/IEC 27001:2022 standard as well as additional ones recommended by the experts at SEPT. Each artifact on this checklist is identified as a: policy, procedure, plan, record, document, audit, or review. Listed in tabular form, the checklist provides a clear, concise view of what is required by the standard.

When an artifact has been checked off on the checklist, it means that the physical item exists or that, for a review or audit, evidence exists that the review or audit has been conducted. The checklist thus helps you ensure that you have not only met the standard, but can also demonstrate that fact to any outside organization.

For 20+ years SEPT has produced checklists for organizations that require the highest level of proof that they have created all of the artifacts needed to meet the requirements of a particular standard such as ISO/IEC 27001:2022 (which has 371 identified artifacts). Our senior staff has many years of experience in developing world-class software engineering process standards and checklists. On average, we spend over 500 man-hours to construct a checklist for a standard, verifying that it is accurate and that no nuance of the standard has been overlooked. Every step in the creation of a checklist is verified by multiple individuals to ensure accuracy.

Creating the artifacts called out in this checklist, if they are properly constructed, should satisfy any review body that your organization has met the requirements of ISO/IEC 27001:2022.

Checklist for Standard ISO/IEC 27002:2013 - Information Security Code of Practice

ISO/IEC 27002:2013 gives guidelines for organizational information security standards and information security management practices including the selection, implementation and management of controls taking into consideration the organization's information security risk environment(s).

It is designed to be used by organizations that intend to:
  • select controls within the process of implementing an Information Security Management System based on ISO/IEC 27001;
  • implement commonly accepted information security controls;
  • develop their own information security management practices.

The updates included in the ISO/IEC 27002:2013 guidelines are listed at a high level in an annex to ISO/IEC 27001:2013 as appropriate guidance for demonstrating conformance to ISO/IEC 27001:2013. If an organization is interested in testing its conformance to ISO/IEC 27001:2013, this checklist provides an analysis of the detail in the ISO/IEC 27002 guidelines that forms a part of ISO/IEC 27001:2013.

Published By: Software Engineering Process Technology (SEPT)

Page Count: 621

Checklist for Standard ISO/IEC 27018:2014 - Information Security, Protection of Personally Identifiable Information (PII)

Description / Abstract:

Overview of the base standard ISO/IEC 27018:2014

ISO/IEC 27018 establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.

ISO/IEC 27018 specifies guidelines based on ISO/IEC 27002, taking into consideration the regulatory requirements for the protection of PII which might be applicable within the context of the information security risk environment(s) of a provider of public cloud services.

ISO/IEC 27018 is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations, which provide information processing services as PII processors via cloud computing under contract to other organizations.

The guidelines in ISO/IEC 27018 might also be relevant to organizations acting as PII controllers; however, PII controllers can be subject to additional PII protection legislation, regulations and obligations that do not apply to PII processors. ISO/IEC 27018 is not intended to cover such additional obligations.

Annex A to ISO/IEC 27018:2014 specifies new controls and associated implementation guidance which, in combination with the augmented controls and guidance in ISO/IEC 27002, make up an extended control set to meet the requirements for PII protection which apply to public cloud service providers acting as PII processors. These additional controls are classified according to the 11 privacy principles of ISO/IEC 29100.

Purpose of this standard

More companies are moving to the cloud each day. The cloud offers organizations a variety of benefits: cost savings, flexibility and mobile access to information. However, it also raises concerns about data protection and privacy, particularly around personally identifiable information (PII). PII includes any piece of information that can identify a specific user; the more obvious examples include names, contact details and your mother's maiden name. The cloud PII processor also carries high risk. Security must be extremely high, especially if a subcontractor is doing part of the work. If this data is compromised, it could cost a company customers, money and reputation.

Published By: Software Engineering Process Technology (SEPT)

Page Count: 101