Security Controls

  • Policies for information security: Zyte has established policies to ensure the suitability and effectiveness of management's direction and support for information security. The Information Security Policy reflects senior management's commitment and provides overarching policy statements, with subordinate policies detailing specifics.

  • Information security roles and responsibilities: Zyte has established a clear structure for implementing and managing information security. This defines roles and responsibilities for all ISO 27001 requirements, policies, and controls within the organization.

  • Segregation of duties: Zyte prevents fraud, errors, and bypassing of security controls by ensuring that conflicting responsibilities are not assigned to a single individual. This helps maintain integrity and prevents abuse of authority.

  • Management responsibilities: Zyte's management is accountable for ensuring information security awareness and compliance. They provide leadership, allocate resources, and ensure employees are properly briefed and trained.

  • Contact with authorities: Zyte ensures proper communication between the organization and legal, regulatory, and supervisory bodies. It defines nominated contacts and procedures for different types of authorities.

  • Threat intelligence: Zyte gathers and analyzes information about potential threats. It outlines various sources of threat intelligence and how it is assessed and responded to.

  • Information security in project management: Zyte addresses information security risks throughout the project lifecycle. Security objectives, requirements, and risk assessments are all considered in project management processes.

  • Inventory of information and other associated assets: Zyte maintains an inventory of all information and associated assets. It also includes assigning ownership and responsibilities for managing these assets.

  • Acceptable use of information and other associated assets: Zyte outlines the principles for protecting and handling information and assets within the organization. It covers policies, codes of conduct, and the use of personal devices.

  • Return of assets: Zyte protects organizational assets during changes or termination of employment or contracts. It sets out responsibilities and procedures for asset returns.

  • Classification of information: Zyte identifies and protects information based on its importance. It emphasizes risk assessment and clear classification rules.

  • Labeling of information: Zyte supports the communication and management of information classification. It ensures that information is properly labeled according to its classification level.

  • Information transfer: Zyte focuses on maintaining the security and privacy of information during transfer. It covers various forms of communication and data transfer.

  • Access control: Zyte ensures authorized access and prevents unauthorized access to information and assets. It is based on principles like "deny-by-default," "need-to-know," and "least privilege."

  • Identity management: Zyte allows for the unique identification of individuals and systems accessing organizational information. It covers registration, de-registration, and review of user access.

  • Authentication information: Zyte ensures proper entity authentication and prevents failures of authentication processes. It outlines password policies and the management of authentication information.

  • Access rights: Zyte ensures that access to information and assets is defined and authorized based on business requirements. It covers access provision, approval, and management.

  • Information security in supplier relationships: Zyte maintains information security and privacy in supplier relationships. It involves categorizing, evaluating, and managing supplier-related risks.

  • Addressing information security within supplier agreements: Zyte incorporates information security requirements into supplier contracts. It outlines the general approach to supplier agreements and risk-based considerations.

  • Managing information security in the ICT supply chain: Zyte emphasizes a risk-based approach to supplier management in the ICT supply chain. It outlines criteria for selecting and managing suppliers based on their risk level.

  • Monitoring, review and change management of supplier services: Zyte ensures the maintenance of agreed-upon information security and service delivery from suppliers. It covers monitoring, reviewing, and managing changes to supplier services.

  • Information security for use of cloud services: Zyte specifies and manages information security for cloud service usage. It outlines the selection process, certification requirements, and risk management for cloud service providers.

  • Information security incident management planning and preparation: Zyte ensures a quick and effective response to security incidents. It outlines the incident management process and responsibilities.

  • Assessment and decision on information security events: Zyte categorizes and prioritizes security events. It defines different types of events and outlines the process for assessing and communicating them.

  • Response to information security incidents: Zyte details how to respond to different types of security incidents. It provides guidance on incident response procedures and actions.

  • Learning from information security incidents: Zyte analyzes and learns from incidents. It outlines the process for root cause analysis and implementing corrective actions.

  • Information security during disruption: Zyte focuses on maintaining information security during business disruptions. It outlines measures for ensuring the continuity of information security operations.

  • ICT readiness for business continuity: Zyte ensures that ICT systems are prepared for business continuity. It emphasizes the importance of resilience, recovery, and contingency planning.

  • Legal, statutory, regulatory and contractual requirements: Zyte addresses compliance with legal, statutory, regulatory, and contractual requirements. It highlights the importance of understanding and adhering to legal and regulatory obligations.

  • Intellectual property rights: Zyte focuses on protecting the organization's intellectual property. It emphasizes the importance of safeguarding IP and preventing its unauthorized use.

  • Protection of records: Zyte ensures that records are protected and maintained. It covers record retention policies and procedures for secure handling.

  • Privacy and protection of PII: Zyte focuses on protecting personally identifiable information (PII). It emphasizes compliance with privacy regulations and the implementation of privacy controls.

  • Independent review of information security: Zyte ensures that the information security program is regularly reviewed. It covers audits, assessments, and evaluations of information security controls.

  • Compliance with policies, rules and standards for information security: Zyte ensures adherence to information security policies, rules, and standards. It emphasizes the importance of monitoring and enforcing compliance.

  • Documented operating procedures: Zyte ensures that procedures are documented and followed. It highlights the importance of clear and up-to-date procedures for information security operations.

  • Screening: Zyte screens potential employees on demand before granting access to the organization's information and assets.

  • Terms and conditions of Personnel: Zyte clearly defines information security responsibilities and expectations in the terms and conditions of employment. These terms address confidentiality, acceptable use, and consequences for violations.

  • Information security awareness, education and training: Zyte provides all personnel with appropriate information security awareness, education, and training. This ensures understanding of policies and responsibilities in protecting information.

  • Disciplinary process: Zyte has a disciplinary process to address information security violations by personnel. This ensures accountability and serves as a deterrent for non-compliance.

  • Responsibilities after termination or change of employment: Zyte defines clear responsibilities for information security after employment terminates or changes. This includes returning assets, maintaining confidentiality, and understanding ongoing obligations.

  • Confidentiality or non-disclosure agreements: Zyte uses confidentiality or non-disclosure agreements to protect sensitive information. These agreements ensure personnel understand and agree to their obligations regarding confidential data.

  • Remote working: Zyte implements specific security measures to address the risks associated with remote working. These measures ensure that information security is maintained when personnel work outside of Zyte's premises.

  • Information security event reporting: Zyte requires all personnel to report any suspected information security events or incidents. This allows for prompt investigation and response to potential security breaches.

  • Physical security perimeter: Zyte, through a professional cloud provider, defines and implements physical security perimeters to protect its facilities and assets. This includes barriers, gates, and other measures to control access.

  • Physical entry: Zyte, through a professional cloud provider, controls and monitors physical entry to secure areas. This involves procedures for authorizing entry and preventing unauthorized access.

  • Securing offices, rooms and facilities: Zyte, through a professional cloud provider, secures offices, rooms, and facilities to protect information and assets. This includes locks, alarms, and other security measures.

  • Physical security monitoring: Zyte, through a professional cloud provider, implements physical security monitoring to detect and respond to security incidents. This may involve CCTV, alarms, and security patrols.

  • Protecting against physical and environmental threats: Zyte, through a professional cloud provider, has measures in place to protect against physical and environmental threats. This includes protection against fire, flood, and other hazards.

  • Working in secure areas: Zyte, through a professional cloud provider, defines and implements procedures for working in secure areas. These procedures ensure that only authorized personnel have access and that security is maintained.

  • Clear desk and clear screen: Zyte implements a "clear desk and clear screen" policy to protect sensitive information. This means that sensitive information is not left visible when not in use.

  • Equipment siting and protection: Zyte, through a professional cloud provider, sites and protects equipment to minimize the risk of damage or theft. This includes physical protection and environmental controls.

  • Security of assets off-premises: Zyte has measures in place to secure assets when they are taken off-premises. This includes tracking, encryption, and other security measures.

  • User endpoint devices: Zyte secures user endpoint devices to protect against unauthorized access and malware. This includes laptops, desktops, and mobile devices.

  • Privileged access rights: Zyte restricts and manages privileged access rights to prevent misuse. Only authorized personnel have elevated access, and their activities are monitored.

  • Information access restriction: Zyte restricts access to information based on the principle of least privilege. Users only have access to the information they need to perform their job duties.

  • Access to source code: Zyte controls access to source code to prevent unauthorized modifications or disclosure. This includes version control, access restrictions, and code reviews.

  • Secure authentication: Zyte uses strong authentication mechanisms to verify user identities. This includes multi-factor authentication and strong password policies.

  • Capacity management: Zyte ensures that IT resources are sufficient to meet business needs. This helps to prevent service disruptions and performance issues.

  • Protection against malware: Zyte has measures in place to protect against malware infections. This includes anti-virus software, intrusion detection systems, and user education.

  • Management of technical vulnerabilities: Zyte identifies and addresses technical vulnerabilities in a timely manner. This includes patch management, vulnerability scanning, and penetration testing.

  • Configuration management: Zyte ensures that IT systems are configured securely and consistently. This includes documenting configurations, implementing change control processes, and performing regular audits.

  • Information deletion: Zyte deletes information securely when it is no longer needed. This includes data wiping, secure deletion tools, and policies for data retention.

  • Data leakage prevention: Zyte implements data leakage prevention measures to prevent sensitive information from leaving the organization. This includes monitoring network traffic, controlling data transfers, and educating users.

  • Information backup: Zyte performs information backups regularly and stores them securely. This ensures that data can be recovered in the event of a system failure or disaster.

  • Redundancy of information processing facilities: Zyte implements redundant systems and infrastructure to ensure business continuity. This includes failover systems, load balancing, and disaster recovery planning.

  • Logging: Zyte logs system activities to monitor for security events and troubleshoot issues. Logs are stored securely.

  • Monitoring activities: Zyte monitors activities to detect and respond to security incidents. This includes network monitoring, system monitoring, and security event monitoring.

  • Clock synchronization: Zyte maintains clock synchronization to ensure accurate timekeeping for logs and security events. This is important for correlating events and investigations.

  • Use of privileged utility programs: Zyte controls and monitors the use of privileged utility programs. This helps to prevent misuse of powerful tools.

  • Installation of software on operational systems: Zyte controls the installation of software on operational systems to prevent unauthorized changes. This includes change control processes, testing, and approval.

  • Networks security: Zyte implements network security measures to protect against unauthorized access and attacks. This includes firewalls and network segmentation.

  • Security of network services: Zyte secures network services to prevent exploitation. This includes disabling unnecessary services, patching vulnerabilities, and using secure configurations.

  • Segregation in networks: Zyte segregates networks to limit the impact of security incidents. This includes using VLANs, firewalls, and other network segmentation techniques.

  • Web filtering: Zyte uses web filtering to block access to malicious or inappropriate websites. This helps to protect against malware and other web-based threats.

  • Use of cryptography: Zyte uses cryptography to protect sensitive information in transit and at rest. This includes encryption, digital signatures, and key management.

  • Secure development life cycle: Zyte implements a secure development life cycle (SDLC) to ensure that security is considered throughout the software development process. This includes threat modeling, secure coding practices, and security testing.

  • Application security requirements: Zyte defines and implements application security requirements to protect against vulnerabilities. This includes input validation, access control, and secure session management.

  • Secure system architecture and engineering principles: Zyte follows secure system architecture and engineering principles to design and build secure systems. This includes the principle of least privilege, defense in depth, and secure design patterns.

  • Secure coding: Zyte follows secure coding practices to prevent vulnerabilities in software. This includes input validation, error handling, and avoiding common coding mistakes.

  • Security testing in development and acceptance: Zyte performs security testing throughout the development and acceptance process. This includes vulnerability scanning, penetration testing, and code reviews.

  • Separation of development, test and production environments: Where technically feasible, Zyte separates development, test, and production environments to prevent unauthorized changes and disruptions. This includes access controls and change management.

  • Change management: Zyte has change management processes in place to control and monitor changes to IT systems. This helps to prevent unauthorized changes and ensures that changes are implemented securely.

  • Test information: Zyte protects test information to prevent unauthorized access or disclosure. This includes data masking, access controls, and secure storage.

  • Protection of information systems during audit testing: Zyte has measures in place to protect information systems during audit testing. This includes access controls, logging, and monitoring.