To prevent loss, damage, theft or compromise of assets and interruption to the organization’s activities.

To prevent unauthorized physical access, damage, and interference

ensure that information receives an appropriate level of protection

achieve and maintain appropriate protection of organizational assets.

Change management

Operational procedures and responsibilities

System planning and acceptance

Controls against malicious code

To maintain the security of information and software exchanged within an organization and with any external entity.

To prevent unauthorized disclosure; modification, removal or destruction of assets, and interruption to business activities.

To ensure the protection of information in networks and the protection of the supporting infrastructure.

To maintain the integrity and availability of information and information processing facilities.

User registration

Privilege management

User password management

Access control policy

To prevent unauthorized access to information held in application system.

To prevent unauthorized user access, and compromise or theft of information and information processing facilities.

To prevent unauthorized access to operating systems.

ensured by validation tests carried out in the software development cycle.

To protect the confidentiality, authenticity or integrity of information by cryptographic means

To prevent errors, loss, unauthorized modification or misuse of information in applications.

To ensure that security is an integral part of information systems.

Facilitation of trading in trusted environment

A set of tailored policy, standards, procedures and guidelines

Improved customer retention and acquisition

Compatible with other ISO standards