ࡱ>  T8\p Guha, Subrata Ba==i$*8X@"1Arial1Arial1Arial1Arial1Arial1Arial1QTahoma1QTahoma1Arial1Arial1 Arial1$Arial1Arial1(Arial1QTahoma1QTahoma1Calibri1 Calibri1 Calibri14 Calibri1  Calibri1Calibri1 Calibri1,8 Calibri18 Calibri18 Calibri1> Calibri14 Calibri1< Calibri1?Calibri1h8Cambria1Calibri1 Calibri1Arial"$"#,##0_);\("$"#,##0\)!"$"#,##0_);[Red]\("$"#,##0\)""$"#,##0.00_);\("$"#,##0.00\)'""$"#,##0.00_);[Red]\("$"#,##0.00\)7*2_("$"* #,##0_);_("$"* \(#,##0\);_("$"* "-"_);_(@_).))_(* #,##0_);_(* \(#,##0\);_(* "-"_);_(@_)?,:_("$"* #,##0.00_);_("$"* \(#,##0.00\);_("$"* "-"??_);_(@_)6+1_(* #,##0.00_);_(* \(#,##0.00\);_(* "-"??_);_(@_)$[$-409]dddd\,\ mmmm\ dd\,\ yyyy m/d/yy;@ mm/dd/yy;@"Yes";"Yes";"No""True";"True";"False""On";"On";"Off"],[$ -2]\ #,##0.00_);[Red]\([$ -2]\ #,##0.00\)                                                                      ff + ) , *      P  P         `            a> ! 0@ @ "8@ @ 0@ @ " 8@ @  x@ @ + x 14@ @ 1 |@ @ + 1  "  "8  "8  "8  @ p@ @  x@ p@ x@ @/ x@ @/  x@ @  8@ @  8@ @ x@ @ 8@ @ 0@ 0@ 0@ 0@ 8@  *  "  "8  "8  "8 x@ @ x@  x@  x@ @     x@ @ 8@  8@@ 0@ 0 @ 0@ 0 0 ||r"}A} 00_)ef[$ -}A} 00_)ef[$ -}A} 00_)ef[$ -}A} 00_)ef[$ -}A} 00_)ef[$ -}A} 00_)ef [$ -}A} 00_)L[$ -}A} 00_)L[$ -}A} 00_)L[$ -}A} 00_)L[$ -}A} 00_)L[$ -}A} 00_)L [$ -}A} 00_)23[$ -}A} 00_)23[$ -}A} 00_)23[$ -}A} 00_)23[$ -}A}  00_)23[$ -}A}! 00_)23 [$ -}A}" 00_)[$ -}A}# 00_)[$ -}A}$ 00_)[$ -}A}% 00_)[$ -}A}& 00_)[$ -}A}' 00_) [$ -}A}( 00_)[$ -}}) }00_)[$ -##0.  }}* 00_)[$ -???##0.??? ??? ???}-}/ 00_)}A}1 a00_)[$ -}A}2 00_)[$ -}A}3 00_)?[$ -}A}4 00_)23[$ -}-}5 00_)}}7 ??v00_)̙[$ -##0.  }A}8 }00_)[$ -}A}9 e00_)[$ -}x}:00_)[$##  }}; ???00_)[$???## ???  ??? ???}-}= 00_)}U}> 00_)[$## }-}? 00_)   3     3                       3   20% - Accent1M 20% - Accent1 ef % 20% - Accent2M" 20% - Accent2 ef % 20% - Accent3M& 20% - Accent3 ef % 20% - Accent4M* 20% - Accent4 ef % 20% - Accent5M. 20% - Accent5 ef % 20% - Accent6M2 20% - Accent6  ef % 40% - Accent1M 40% - Accent1 L % 40% - Accent2M# 40% - Accent2 L渷 % 40% - Accent3M' 40% - Accent3 L % 40% - Accent4M+ 40% - Accent4 L % 40% - Accent5M/ 40% - Accent5 L % 40% - Accent6M3 40% - Accent6  Lմ % 60% - Accent1M 60% - Accent1 23 % 60% - Accent2M$ 60% - Accent2 23ږ % 60% - Accent3M( 60% - Accent3 23כ % 60% - Accent4M, 60% - Accent4 23 % 60% - Accent5M0 60% - Accent5 23 %! 60% - Accent6M4 60% - Accent6  23 % "Accent1AAccent1 O % #Accent2A!Accent2 PM % $Accent3A%Accent3 Y % %Accent4A)Accent4 d % &Accent5A-Accent5 K % 'Accent6A1Accent6  F %(Bad9Bad  %) Calculation Calculation  }% * Check Cell Check Cell  %????????? ???+ Comma,( Comma [0]-&Currency.. Currency [0]/Explanatory TextG5Explanatory Text %0 : Followed Hyperlink 1Good;Good  a%2 Heading 1G Heading 1 I}%O3 Heading 2G Heading 2 I}%?4 Heading 3G Heading 3 I}%235 Heading 49 Heading 4 I}%6( Hyperlink 7InputuInput ̙ ??v% 8 Linked CellK Linked Cell }% 9NeutralANeutral  e%"Normal :Noteb Note   ;OutputwOutput  ???%????????? ???<$Percent =Title1Title I}% >TotalMTotal %OO? Warning Text? Warning Text %XTableStyleMedium2PivotStyleLight16`b RequirementsControlsNSPSSfnfX8@ H;; rFbFW'@&ת|FntFW'@&תPNG  IHDRHJsRGB@} pHYs+tEXtSoftwareMicrosoft Office5qEIDATx}t\Gn23;p&;fvw(̉c$0:ǎcfŲ33ZRjQ [jnٲ-=o%9߹ﭪ[mGn nn; V{ytttW@Ve9FW`auI`00[dFC;NW@.#C8'W/MOMbjO\tǵ;_GyhqE099)[pvN 4+FM@q*z,UFG([q&]@f\9R4m&$eK]0?>I2^ S0 D4 ;t8GLfɔvH1s\)GZu/*2 k'i?mIc3?zS^L "_&_!x $hBk[A T3A$'SI0[T(PةЉvʻ -m#; ԐlܩR#U}~~b[& h^_(Y- x~;HEhCh&֙go>CTcHFuj^LmNRE38Ӹ?}):L]eM]n61XaUp kDLH3F2{ރDx:}?z#HEZM5Ȩ"Rٍ>m㜘Ud FTޅ!LP=k fd gaYt!qb0# 6ϧ1!]D_I$$ym6^8 PͨlBdq .kR46ͻ'RIE'ZB".:`IA3/~s\/N4}!CAknH8B$ᡖ\^7>0qee=o 7xDgHu=Ok%dM"Y;HRWC:F/|qՒ,keF~/"yh] t"ZHؽZMLC5")*/C$:'usFrKjGci_6i`'[_iFRKMvl2yjDfqۇ.dKbDFگ};S3cär?N`7q*D6Vy"5@$È.utF5HtOw2$5l^7NR u}&ދMj??mL!+jUp6HrX7_aݚ4§-[Ff. _uttsو NE#Vy1aDoԛc8?ƔE/n~%5Bˢ&bd5H"PKRqTjd-5oR"ѕȬ"Ўe]\agǑtv+L͍ JRsP- ѯ +r\S㒪IH%+8yFq;"Ř9 rj Xzl"C!hR U@dҲSG͑dKJ-OK=_i6;LZDy_t2@v )gH1QKXڇ#i8.GnBȳ,hVJrcN@G*7 irRS:QUyr+S:<pߊ=.{R;qREGJ 2d=y5X`X"s`O_k:,UREX -/=|1ƻtPZ^CBo\YȺ$ d, #){f3{nӆ{ ml63 =pk#n݇hhhOoGra5lVOq6 =}H"0Уe*%) N eaai1Yl(o7 U:0l߈:C.藫a:e@-(:1ݲmfy^rbziTo jAX#Ƌa6bn.Fbv)R싚{8 -Ğb.8]J((!\#rp/뼳|8_AmL0Ъ58*þxL:d#K'PkwdZ|/wS(o[/b{P>*뚡T7nlBg0 :zdZx~ԅ;ex ?TUTͼ2+zP'"L<5F;K#ap9^ Zy>Qfv覤엋X_T7V5:\U~eXSʱk.*\sVX#6cw9ya ΗU`U`5za^\| K>.$ Tz^rAN=@0d)o'oΰ3(n$S oFK ~ &2I˓xs_d#ƾz­0%LYbKG`L|FeT^83 Xp*ǢxD.L$BnM. x:y( 5L u4!</bqK6|3%c<! D~q5ND`o.4캐Oec;ɽŠz+޹8!PFyъoJ!TZ vFJ*JrGT;+ZZ1 /0\M~yDlX ~|J*DnYjK[%%/cb.TPP+7 |>`=R|r>He~D7*DXO|:ga?:~Fy[Gyy=qM(nW&sLbSUv2+]Uq =Fmt") #xk$Ub9Im/.\&ݽ+8 K/Cf =\ϧ)B&VgML,<ӱ?KbOHy kE(5ʳX}.y`_*~<I .>&R=X햃y sDZ!v`oFXMkjmwj ָ S#()BlNv⑇. Z_Da_&MX9GfX$bߺX/D êzj:bIUX[j|ҀO%A JH+Nd`Kd^yX׎\ 4 $l Y%"bJ,';oI VύKTxzak6bQѡBUU]sBǀO+<2"\* ՔOCd6!BHW.-Z8ގpNtw3IGj8șWׇXH&>(IUYx=OOj"K:|$z$bK *yX5֜NĒ3: &HҭwORt*" Ƽ7˅g,mXPԊvrDCsʰ+0 ۂs4  B[]oޙ8P'%L$5$tD!H,{x:d=$ >|ENuEeGBjcVv㉰\|Z"lJ[A"%dL\ ccxw/j/5j\*PQۈ2Egv4X}m8ǹuNIJh+~tt+$sQ׭Cǐg2;k i!)%=D' HYAy͈)h@B 4U,@@N#"p! q0, D]VDv"0D!B ͇kL!΄fb["x%ax*l45"fx!jAMz1(W J5:h|xVE։>B*נI4{禤kPW`kp!^'oss ,d 575azfݶ SUfq{Si [?k=jR܌59Vg=˱3O6ye`Ʌf;Wk%i*CU{uJ zF$KjQۥAhf5cD>#Ms1>5'7HMh4pHvtLDG!>DLՁ_T>_阤D9)|K*_~-$Z"23OQM]TV@=j@%ՠWEBK! $N8S و aV)`֩XabzMvkhMm[-&l2i'-FQ5ZAznxn2f1P<픅۵榤"VPA:k#Oj JƱ1eh4st-Qѭs ]t:{.)"8r ʱl,^AFoh9lW.7͒RIF`ch t y ,P$rRFOd"xD9}4vs$ԒЂTf'"]R^%=DbŹt%IvD!#mKf+e 6 7CaaGhrcdjb4CЃcHMX,LOMYL+y~kڻ+fV9_Vps.~W;[щ~9X} !gzj>P ^uJdBtK'/Hl Z-F|G1I/13g fH>(d)G!ĔJPх.b e:Əfэ5N$uG V3q:tch fGǠ">Uq"IfA:q|dMC6ݫ%xۯl!]+c^]?!^bEXU69,v╰.grٹеq<=RUvJ<,|RԊZ FZIQRcv֤Nƭ OaGYPH=<:/z?" ~yCÈȳ\6K[M0O|3' >$p=yPO^yT9 {M4:VwImoކ!'t/6AfNHCOQPɇd'z{‘"w!^$;- VHy?/rb!stTRZl .űD>.Vckx_k>ȣʰܫHZm>I@W= W5BjeKUr3bwcm8L@kLxH#"GQN{.b{91=7D 6uw3rD{(Kj6nS|]I'O)kçxX=c2XeXJ(OS||2bl:_%2fbd Ӈ1y~IZj*nIūixD*6x+"V&aDaHVԈ0f!Ol*v{.UX疀=!7R I~B"Q |F/x`s|擎/`6K*2Dvh|_UD='|O(GxJrHv>%/LJ'3sIvOgv,*$!mgd)4cIw?'Kepw%yAXZMiڈ>"ѝ.T'{ 8Eu,!iR{9I"$ݹ, Iد/`q,j:Z͇ jn^DfaTl2 IRYt";2(*x xqywuhO  Ur#5BN:tHeJ|R4ݛ''㥳xJ7 wlFH{t,;#X,<)Xp0kOS I`hW!%@&2lJiXy"Fa8Hz_t۹#2p!:^Lbs{eH5)s5dw% RB ,xDd 6E5((A$l"e"u^IXIꖍr|BjE(nLeL;7X;IH8Ws]ך&pztD;x~=HwE<6Iw|J"\%=Alj@k=jyw=oxF_&CjI"6u;̣|g@ES'GmT֣ohɥ8%@za%ZH+kD&(mȈ mAҢε 覰A5!,-bֽj |-- l!IdXCN3)mdIEH$Z҄zr37:YOG]R&f bP]J.SL-5wx U'HRPL17$$EF3wGKq."w㙃# O7'BN_wù`PqeUPj%c睑xljZ$$ 0 iB|q>$(K"lb`d 1 S6:9n8}xTcd =AxꌐIb~kiCr uw*m[([Xe'sNJp1~HGD\RkT=S9+^(Ri<+yT- ^Y RLB<*!Eǹ壦^ZGR5vAP~oXWvrza\VP\3p?_3Tl&B}ɐϿNŦ DOJb=r",?q[;q^aNgpƮ~96_(Cg+S qxL<֝Ç.<[Vugb;mx\"h{2 o1?vOė9XpV_"ɈO+FS7ijzaFH"땇\Hґ~F"e*~N|vr2p]%7"6(T.~s?[aZ6sejڱIlt8/xd2i4:uoo+GlLR<3 =Ў(|q.w +ū8SUY8Z'''Gbʰ'd7`b ; Ti2,p-$ZAX^Ļ#ya!Fڛuxt%cD:ŜtmmU[o%zQ`f D=ؓІkϐ{λB ,$YŞU-x@vOxm^${+U]r,t]L@woPl-WdKF UM8L* "{?%$~H\e&n#{ toWn*mśGB"af! /S9a".G>Oŏt!9 5o&!EeC.?m)xH4{$hoQX+Q_u$ ; JhN'(㻣lw0PeqT{-aH-Aˇ"q40O ż8Dꛩr}Iׯ/%I8-^| l"RsKGtd$xכlS|#D nNII arCxg?6jgZ %# ϞOmf?7'DhNco:=IG {'INj$!BWpd[|9~lB .b2rb˱T Csw=}IJ9}{/DP\׫7zM/pm5gtZn5ّ0`k8z EE]3X?wќtFB|.CAxH.UBMWɰ#T}-DnDa{8&9{xMf|d@!քy,CVq /?2jXJ9_[gOMŸJ< I{;Uy_`DT,&-'pX>HΨ:sdQgbkIbl$}Iģt0p IsmÏVqJ:ufE[W?^=OXs4IEXOK#2Igb_ elt>ǒ}H P'p>!DQX~ nYx{jǧRÛ4Ys( @wS{:%Chv"r+S#!$>9OGXF ᡽GC|^#ݢ9jQ(`j(L GCHX$G|"ow r4B: RqOž|螄ߒTJۧb}K!oN) L00ܦ`[ZXyX8nƑ7u0-K4cZ7,oVtgM)8׺Q!D'Xl16S3w(LL1U-Ȯ&Ig2mdJCr4Z;&Q C12@BCEYU\LNja l"5AtP, rP6GB /4!JJmnm}ƯºlmjZ5a悎±&&'dl736ŝ^gk5Ix Aa?99.]3FĘMnĸϐ-6<>s&bޝFG&>-{uB>{x~l]]7>>ߚxrjbCxl?R<;J"IlͮHؽgy2>rKzd,%DƇ;ҎgɎ[} k/#ԮX)Es*pAT.a@iVYr^?xI@;l\On&WZtc<*U;|э˘&+#s|1]'kC$q%6ҵC a?zH̕{]|ސj rnqK26b4;ߺM`rLV\ӄ$ޙə7` ID;ðx㸈w%Et1|~΅bh'/ kH<3+wǢx`Er`b3@qK;`t4r{E90|8"ݨHRkTu3U x&^1W85lGA*Oee.b`'f%;=-=E%OP'y;$={eB$jB$j1[^d꫼>#GXq(9lL\”k7S3l#¯ KLNpLf7"'B]vYybd +@}}_TĬoVBcc3j 9s_IL{|$^9JA2ߛgHR=;q 'ZNӻ.] "O>_|~<x0HßC>((*Gk:rd3!5bVT^aF;őS~u_7,OpԱuBGߍgqI2nwAR4\>>yըӠM9-OIi`}ԀZI;b?>f zP]> M*Gln%.OOmB{k+ ~5R LHԢFa>q?ß> ]ǍfO֡k _=n5z& Vk\^. iVcy{ 5ΠFFK."_e =@Rc`1S@>Dcg zY@#5rC-]gqGLHK6q{L&F>=*w#4R%GQ9a=Ru*?'EOunKX^}쏇>.Bod[@/kdWRXZ\ 8#xP+tgPߣ^*K^"Ϻ^X >`lFO"$+ 3 U*nǰ)-*[f?[vPAB]0RkOTaݱʭEYT9W)ctqUK;6%W aPAF4md6(:*sd34=-[Үۛ`Xm6TJr/aRB1t|wb"u_qz/IQ0${c_1{P*+ [*:(lQ:k#ovh+NA(C%m>ۑpE<#O[Ͷח_=GتGD|7WSY'-mS(EHF奄{{,/.E;I)8Fl65 yD"7p5|vs0B[†gRRyQd50r"] v=WDFy6߭Ev| [ L0)>uΈws٭wɑ]/+°<1R!mbC^^H83q<Bwyf fEe&!W܉n>5ztתydԺn =+,^ۚ;jϪ#\ugE$y2sɨe1sĞ<Ȕv5R:ۍU3*G:GZ{Lrۧ/r˯{SH( ,s!O$;jlF嚂*TfjJDkl)o瘾Q5^6LKB>>`P6"z} Dq޳?1Kp'r> 65†h#lz^ ZkٮKc 0/(Lz4r(]ggaL0`V>G{ˠ{V2=_f6GHJ%wvhG'ت&C?Oؚ F~|9?NpӰRQ=:  N-2BcoX_k0ΚcrNtQX¿AN`5` VBhs]':g_f&˥]8ZWWzz'ʈQj-DFn J*Ar:l 6Qke/sFpsPj(!h&d)ۣb~B 9 ;):輓wA_TVDu X| vT8>:O*!‹y tͩBDa;%%JqC6:w&; CCC:u%1GDTW *ZK%~Ad{Ho,fI>wdm+dRUJOw/yCk|:.lYmִoXYd;T t߇AYJx kDΉըn`ɰoAc2ɧR|zsT.{Iu239RwdA}kI7Tb^UFQIP`48$RbjcIEf/Dd*m5XG؀=L|qn kPu2V1{sjң#[i6a,*JK4[sfx.[Ov Y4 0yt$UH% BHO0䌌Ӌ>HH0yLx qvO"h8:)A"3D(hg-vN龦jlLm1HRq$ 3VZlܒyblwpfJc ΤTk"-ݘ?`4DZ#\[I. a*?t-R"-"--_TIENDB`3 A@@   (Information security incident management CompliancelDoes organization's network adequately protected against external threats? How network services are secured?;Does organization's information system regularly backed up?;Information system acquisition, development and maintenanceControl objectiveCommentsAsset managementNetwork security managementSectionQuestion;Does ISMS policy establishes criteria for evaluating risks?Status ReferenceDoes organization signs information exchange agreements with external parties? This should include software exchange, physical media exchange, electronic messaging.Access control.ISO 27001 Self Assessment Worksheet DQS Inc./ISO 27001 Self Assessment Worksheet DQS Inc.>Does organization has determined external and internal issues?KDoes organization has identified interested parties and their requirements?Context of the organizationXDoes organization has defined roles, responsibilities and authorities for the personnel? LeadershipPlanning6.1.16.1.26.1.3;Does organization has defined ISMS risk assessment process?:Does organization has defined ISMS risk treatment process?.Does organization has defined ISMS objectives?;Does organization provides adequate resources for the ISMS?SupportFDoes organization provides trainings to develop required competencies?/Does organization creates awareness about ISMS?8Does organization provides communication regarding ISMS?MDoes organization plan, implement and controls the processes related to ISMS?KDoes organization performs ISMS risk assessment using the process at 6.1.2?/Does organization develops risk treatment plan? Operations1Does organization measures effectiveness of ISMS?0Does organization conducts internal ISMS audits?7Does senior management reviews performance of the ISMS?Performance evaluationRDoes organization has formal corrective action process to resolve nonconformities?7Does organization drives continual improvement of ISMS? Improvements_Does senior management of the organization demonstrates leadership and commitment towards ISMS?,Does organization has defined scope of ISMS?*Does organization has established an ISMS?WDoes organization has considered the inputs from 4.1 and 4.2 above while defining ISMS?GDoes organization creates and maintains documentations related to ISMS?ControlA.5.1A.5.2RDoes your organization has an ISMS policy which is approved by senior management? *Does it get reviewed at planned intervals?Information security policies.Does ISMS roles and responsibilities defined? A.6.1.1A.6.1.2A.6.1.5$Organization of information security8Does organization has implemented segregation of duties?5Does organization manages security risks in projects?A.6.2.1-Does organization has a mobile device policy?+Does organization has a teleworking policy?A.6.2.2Mobile device and teleworking HR Security A.7.1.1A.7.1.2A.7.2.2A.7.3.1A.8.1.15Does organization has established an asset inventory?A.8.1.2/Does asset ownership assigned in the inventory?A.8.1.3/Does organization has an acceptable use policy?A.8.1.4A.8.2.1;Does organization has an information classification policy?A.8.3.1A.8.3.3A.9.1.1/Does organization has an access control policy?>Does organization has a process for creating new user account?A.9.2.3>Does organization has a process for managing privileged users?:Does organization protects removable media during transit?A.9.2.5A.9.2.6PDoes organization has a process for removal or adjustment of user access rights?A.9.4.1A.9.4.4?Does organization restricts use of privileged utility programs?A.9.4.5\Does organization has a process for recovering assets from the employees during separation?KDoes organization has a process for managing separation or change of roles?>Does organization conducts background screening before hiring? Cryptography#Physical and environmental securityA.11.1.4UDoes organization has systems to protect against external and environmental threats?A.11.1.5FDoes organization has defined rules for working inside their facility?A.11.1.64Does organization protect delivery and loading area?A.11.2.1;Does organization has a process for equipment installation?A.11.2.2:Does organization has support utilities (UPS, generators)?A.11.2.3-Does organization provides cabling guideline?A.11.2.44Does organization periodically maintains equipments?A.11.2.5?Does organization controls removal of assets from the facility?A.11.2.6/Does equipments are secured when taken offsite?KDoes organization has a process for secure disposal or reuse of equipments?aDoes organization has appropriate contacts with relevant authorities and special interest groups?A.6.1.3, A.6.1.4>Does employees acknowledge terms and conditions of employment?:Does organization provides security training to new hires?Does management instructs employees and contractors to comply with ISMS policies? Is there a disciplinary process to deal with policy violations?A.7.2.1 A.7.2.3A.8.2.2, A.8.2.3BDoes organization controls use of removable media (e.g. USB keys)?A.9.1.2 A.9.2.1 A.9.2.2IDoes organization has Password management and user authentication system?A.9.2.4 A.9.3.1 A.9.4.2 A.9.4.34Does organization restricts access to applications ?>Does organization has an encryption and key management policy?A.10.1.1 A.10.1.2[Does organization restricts physical access to its facility? Does office rooms are secured?A.11.1.1 A.11.1.2 A.11.1.3A.11.2.7 A.8.3.2cDoes organization has clear desk and screen policy? Does idle computer screens locks automatically?A.11.2.8 A.11.2.9Operations securityA.12.1.1HDoes organization has documented operating procedures for IT operations?iDoes organization follows change control process for managing changes to applications and infrastructure?A.12.1.3IDoes organization monitors and manages capacity of its IT infrastructure?A.12.2.1:Does organization has adequate protection against malware?A.12.3.1A.12.4.1 A.12.4.2 A.12.4.3A.12.4.4QDoes organization collects event logs including system administrator activities? A.12.7.1$Does organization audits event logs?A.12.6.1PDoes organization runs periodic scans to identify and remediate vulnerabilities?A.13.1.1 A.13.1.2A.13.1.3+Does organization use network segregation ?#A.13.2.1 A.13.2.2 A.13.2.3 A.13.2.4Does organization identify security requirements in the new information systems including protection of communication over public network? A.14.1.1 A.14.1.2 A.14.1.3A.14.2.1 A.14.2.5 A.14.2.6A.12.1.2 A.12.6.2 A.14.2.4gDoes organization has secure development environment and follows secure system engineering principles?A.14.2.3 A.14.2.8 A.14.2.9[Does organization performs security reviews and security testing after application changes?A.14.2.7=Does organization monitors outsourced development activities?A.14.3.1oDoes organization use production data for testing? If yes, does it protects sensitive information in test data?A,15,1,1LDoes organization has a security policy on supplier relationship management?sDoes supplier agreement contains security requirements including flow down of requirements to next level suppliers?A.15.1.2 A.15.1.3A.15.2.19Does organization regularly reviews supplier performance?A.15.2.2<Does organization manages changes to the suppliers services?Supplier security management,A.16.1.1 A.16.1.2 A.16.1.3 A,16.1.4 A.16.1.5`Does organization has process for managing security events and responding to security incidents?A.16.1.6CDoes organization collects lessons learned from security incidents?A.16.1.7A.17.1.1 A.17.1.2 [Does organization has plan for continuity of information security during adverse situation?A.17.1.39Does organization periodically test or reviews this plan?A,17.1.4_Does organization's infrastructure has sufficient redundancy to meet availability requirements?<=Information security aspect of business continuity managementnDoes organization ensures compliance with regulatory requirements including privacy and intellectual property?,A.18.1.1 A.18.1.2 A.18.1.3 A.18.1.4 A.18.1.5A.18.2.1 A.18.2.2 A.18.2.38Does organization's ISMS undergoes independent reviews? DDoes assets are labeled and handled according to the classification?ADoes asset owners review user access rights at regular intervals?2Does organization restricts access to source code?FDoes organization synchronized all system clocks with a common source?wDoes organization has a process for collection and preservation of evidence from incidents for potential legal actions?\} ~ar"~.Eg p % ֊ ًSEWÑs/S^woccB T8 (  dMbP?_*+%&?'?(?)?M2Bullzip PDF PrinterTS odXXLetterPRIV''''T\KhC/  SMTJpBullzip PDF PrinterResolution300dpiPageSizeA4PageRegion"dXX??&U} } m C} I$}  }  } J@ @E@@@@@   g@ @ @@@@@@@@@@@@@@ `aaaabcccccd F F F F F I GG ZBffffff@ @ DAH[~ B@z@ @ DAH[~ Bz@ W/ DAH\B@ W0 DAH ZBffffff@ W. DAH]~ B@@ @ DAH ^~ B@ W DAH Z X W1 DAH _ X W DAH _ X W DAH ^~ B`@ W DAH Z~ B0@ W DAH]~ B@ W DAH]~ BІ@ W! DAH]~ B @ W" DAH^~ B@ W2 DAH Z&~ BP@ W# DAH]Bffffff @ W$ DAH^B @ W% DAH Z*~ Bp@ W' DAH]Bffffff"@ W( DAH^B"@ W) DAH Z-~ B@ W+ DAH^Bffffff$@ W, DAH:"b>66:>66:666:6666:::::::' :'(    B  XPP?]4@ csI<q  2<3Answer "Partial" if requirement is partially met. <2c01  T  X?X]4@ t8NkSxO F<GCS - Completely satisfied PS - Partially Satisfied NS - Not satisfied <E F8 8 5  xI"(kLY(kA@?Text Box 19"vpPK![Content_Types].xmlJ0*miG]`Hm6 Xwt?. g#Wi3E).+7 >ON ޑ1ˋz "+R RhB.} /<^ITխ%rHK4uK~I0xM e`|X}đ I`߽N4aG2$RKIZ)4(M9`ctB{m:f@`3n|O,ܗr޾jxR0T ,0@}WBLǬ5vPK!/0o drs/shapexml.xmlVn8}/ H勄E.u muDYD(R%.w]EAΐs;^;4츱B/bJ*t)&_,sJcdR+#Ci2Z*̀ڹ6"[ԼaB\ҦafAy#QO#J[sn.n7\+o"*@Z.}@sU-a29ɐFpɞn7nd'm&llKVSJ?8)# [sQpq2D Gȵ>aJxa7bmuh;o0+M>:=Z?f[W4/u UE0qO'Pǜ&d0Gi2PR/X>XCPQN /Lx@RH[YHCvLtuik!;;KISdw [KnAu#Q a2VWp6wt'ۚzX}BmD̨TJT]pkDNI$t>$d2Hg|t'ir3yEYru/}xA9M'pJ/P=~^*йc çR_HR7ͩeS",`h>.w$YpΩd 7;ʧ:z|Dؾ4v"v}&7(_ɫ@hl X¬)W+x{C&p ۜ*xňGhQJON ޑ1ˋz "+R RhB.} /<^ITխ%rHK4uK~I0xM e`|X}đ I`߽N4aG2$RKIZ)4(M9`ctB{m:f@`3n|O,ܗr޾jxR0T ,0@}WBLǬ5vPK!DU drs/shapexml.xmlVYo8~_໣#$D.r6X?(-I_CRJ@My!ጮ@{f,תEST\m+r4:j"b>1/vuMImA`B*:וIbi$c 68x5ۤ6ƥH4&3ԶeE ^oE\jQZ,pOMd6y60i aw0'}f,$ c Aq{0}LK'FH3A7N6Sav-R^GG~=I%jˮ @z: ^Fo}D]Cdtڐ|viz9͊I e}\cD=<˼†KHc:cL: U0BdoE D ^/o5ͭ0hOD{%1nD.;Kj!ƃe1-9ՍS )$-zZ?7[-YUIOt-i |@GTRiOJKzpgx)|h9Fx2*f|fM1MnGpjy]3ubx <{Y 7+J0]:K%w e1p}#]Av('腊  D?W|sY?8~_¸u S;taƗ9LϧХ.XN0ɔCQxfKs(ȾN /8ؼ#; kPPK!~&drs/downrev.xmlPN0#"q<[EH)%IvUiwvwf4;[ ';i]g46 H] }yq^JFK`12{7EKMB+[ԸU# أ8TNC+6z85)O,^i͐>rp,aNr/ & H|] 10.a)>ek챯QĚ=1'&N(I8zdzC6%ҿ./PK-![Content_Types].xmlPK-!1_a ._rels/.relsPK-!DU )drs/shapexml.xmlPK-!~&drs/downrev.xmlPK^OC]7` <Implement ISMS<"3 3 8  xHV"(kLY(kA@?Text Box 28"qkPK![Content_Types].xmlJ0*miG]`Hm6 Xwt?. g#Wi3E).+7 >ON ޑ1ˋz "+R RhB.} /<^ITխ%rHK4uK~I0xM e`|X}đ I`߽N4aG2$RKIZ)4(M9`ctB{m:f@`3n|O,ܗr޾jxR0T ,0@}WBLǬ5vPK!OBF drs/shapexml.xmlVn8}_`#YK\^H`~-QԒ!-;n h~rngxFWw$nЪ㋘*] *Oє똪Ԋt-}?]m V&-@Pֹ"[cB\Ѧc^* ۂNFIO"jrμmշ\k"%WƀKf$y%Q27z; C}vvOΜ>:ex$ ۓUFwN Pm98y2DԀ[%(B;Lit܈ہv-VAW:&xշ-S+~m~-s!`2z-iծ1kCtH5'iASKٻ8X5@2WEpOoWCPI Om\x<\H[ZJC6Lt`~ꎙu?t3'B 7*WJ8,ӝNq`*TD{8 ]g W/Np6$ œ}BZ^\}APDToQJT6ڈC7I>Otf2q~O4ObNkC (./YZ(~' wqCJ: 1<1!::`PaC)P'RfGԗݯ%ZPJa}Ikf8%^&;t^H I/ SuoĪ 7c|s= |v\O0$C1v,?PK!drs/downrev.xmlTN0HHܨTԩ"TR$Ώ`&}{6Q~3/A[ix@JuVmuZ Gaa_^,<ӭڈMss͜RBr;эP8˵ܡ4 o\4[*y0x(E G4ďVnR=1v}%@i{꿚\S:. vHt4U +baB-:QiMύR:ϭp Y!u?BU<g=OGqPK-![Content_Types].xmlPK-!1_a ._rels/.relsPK-!OBF )drs/shapexml.xmlPK-!drs/downrev.xmlPK`]8`  < Monitor ISMS<" <1 1 9  xX"(kLY(kA@?Text Box 29"oiPK![Content_Types].xmlJ0*miG]`Hm6 Xwt?. g#Wi3E).+7 >ON ޑ1ˋz "+R RhB.} /<^ITխ%rHK4uK~I0xM e`|X}đ I`߽N4aG2$RKIZ)4(M9`ctB{m:f@`3n|O,ܗr޾jxR0T ,0@}WBLǬ5vPK!r$iOw=[lj{]>ڎ?5L(o7Ld7H'zρ]y#Z f[}T4/ uM qtDɱY>1FƦQP$$%)a_cM/_AC5t>G:h)5f,hg)놙m;(u2'VB w.JH]At#Q $B٩kVp6 Uqr톅z\=5TI |IU0FkY|xr9h_ƓA78n"8mDUqu/cx3=g蝕P=G 2Us="ESI_plDoUeDŽ rtRAĹ)NY_?0~_¸uQK ЗR k j?oȅ^f&@xI'cRpN++0 (ٶF7l|`S|s=>8/QĮ>7Jg #)WoX_ z`#<`Y¬)(WOK6L"ۂ*\O#E)%+f9Sgl~;f%X60VJ==ypEd|j/rU=0Iڮ0r쪴Rpc?O^d/PK!]drs/downrev.xmlPN0#"qCiP@RJW7q6mur䶳3r6RUlTV+ez{I2gm3&ZkcSLP3Q=:\izpXNeG0_q7^"[[|fsBe?GlŶė[xQ~=tWX #!u-ɲUzk@ T*N 0{Vs/ "ҪhOoח'PK-![Content_Types].xmlPK-!1_a ._rels/.relsPK-!@raraA   B  7;Yes;@No ;Partial  ;CS;@NS;PS  ;CS;@NS;PS{+{{+{{+{{+{{+{{+{ {+{ {+{ {+{ 8 Yes PartialNoi1  NSPSCSggD T8 KT  dMbP?_*+%&?'?(?)?M2Bullzip PDF PrinterTS odXXLetterPRIV''''T\KhC/  SMTJpBullzip PDF PrinterResolution300dpiPageSizeA4PageRegion"dXX??&U} } I i} I*} K@ @UXOXOXOXOXOXO  O O O O +OGOgOgOOOOOOvOO OOO)OOO OO lmmmnKKLopppqMMN S S3 S T T f8 g4 Q6 VR\ g5 Q7 VR e= h: Q9 VP] h; Q> VP] j{ Qz VP^ h< Q? VP eD h@ QA VP ^ hC QB VP eE hF Qd VP ] hG Q| VP ] hH Q} VP] j Q~ VP^ hI Qc VP e hJ QK VP] hL QM VP] hN QO VP] hP Qb VP] hQ QR VP] j Q VP] hS Q VP^ hT QZ VP Z hU QV VP] j QW VP] hX QY VP] j Q VP] h[ Q VP] h\ Q] VP] h^ Q VP] h_ Q` VPD l&F8484448484444844444448444444 O!WO"WO#O$vO%O&O'O( O)O*O+WO,WO-WO.WO/WO0O1O2vO3fO4:O5O6O7WO8O9 O:O;O<fO=O>WO?WO ^ ha Q VP !Ye !j !Q !VP "ef "j "Q "VP#] #hg #Qh #VP$] $hi $Qj $VP%] %hk %Ql %VP&] &hm &Qn &VP'] 'ho 'Qp 'VP(] (hq (Qr (VP)] )hs )Qt )VP*] *hu *Qv *VP+] +hw +Qx +VP,] ,j ,Qy ,VP-^ -j -Q -VP .e .h .Q .VP/] /j /Q /VP0] 0h 0Q 0VP1] 1h 1Q 1VP2] 2h 2Q 2VP3] 3j 3Q 3VP4] 4j 4Q 4VP5] 5j 5Q 5VP6^ 6j 6Q 6VP 7e 7j 7Q 7VP8] 8j 8Q 8VP9^ 9j 9Q 9VP :e :j :Q :VP;] ;j ;Q ;VP<] <j <Q <VP=] =j =Q =VP>^ >j >Q >VP ?Z ?j ?Q ?VPD l4884444444444484444444484484444@WOAOBOCFODWOEWOFOG9OHWOIFOJ)O@_ @j @Q @VPA_ Aj AQ AVPBk Bj BQ BVP Ce Cj CQ CVPD] Dj DQ DVPE^ Ej EQ EVP Fe Fj FQ FVPG] Gj GQ GVPH^ Hj HQ HVP Ie Ij IQ IVPJ^ Jj JQ JVP$44484484480q (   ~ D <x$ XPP?3 ]4D@ RgSOK}m Z<[NA - Not applicable CS - Completely satisfied PS - Partially Satisfied NS - Not satisfied <Z q A0??8537281112@29052008-0A87Picture 69cid:537281112@29052008-0A87]&q`D Subrata Guha>@raraA ?GGGzIJ.679:>?BCEFH  "- 7II;CS;C;@CJJJJ;CS;C;@C{+{I{+{I{+{I{+{JJ{+{JJ{+{JJ4  NSPSCSNASJggD Oh+'0@H`x Subrata GuhaGuha, SubrataMicrosoft Excel@aY@x;Z՜.+,0 PXl t|  UL DQS Inc.  Requirements Controls  Worksheets  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~Root Entry FWorkbookSummaryInformation(DocumentSummaryInformation8