True/False
Indicate whether the sentence or statement is true
or false.
|
|
|
1.
|
1.112~ Service Provider documented security policies, standards, plans and procedures are available for review.
|
|
|
2.
|
2.113~ There is no independent audit report of security policy available of the Service Provider documented security policies, standards, plans and procedures and they are available for review.
|
|
|
3.
|
3.121~ Information classification policy is NOT documented and dated as to the last management approval.
|
|
|
4.
|
4.122~ Data-handling policy (to include secure use, storage and destruction of sensitive data).
|
|
|
5.
|
5.123~ Internet/intranet access and use policy is NOT documented and dated as to the last management approval.
|
|
|
6.
|
6.124~ Authorized use policy is NOT documented and dated as to the last management approval.
|
|
|
7.
|
7.125~ Acceptable use policy (to include restriction on using corporate computing resources for purposes other than business, e.g., personal email, browsing) is documented and dated as to the last management approval.
|
|
|
8.
|
8.126~ Email use policy is NOT documented and dated as to the last management approval.
|
|
|
9.
|
9.127~ Encryption policy and standards is documented and dated as to the last management approval.
|
|
|
10.
|
10.1281 Security patches are documented and dated as to the last management approval.
|