diff --git a/backend/library/libraries/iso27001-2022.yaml b/backend/library/libraries/iso27001-2022.yaml index bc97ef1a0..e8a5bd1e7 100644 --- a/backend/library/libraries/iso27001-2022.yaml +++ b/backend/library/libraries/iso27001-2022.yaml @@ -5,7 +5,7 @@ name: International standard ISO/IEC 27001:2022 description: "Information security, cybersecurity and privacy protection \u2014 Information\ \ security management systems \u2014 Requirements" copyright: See https://www.iso.org/standard/27001 -version: 5 +version: 6 provider: ISO/IEC packager: intuitem translations: 
@@ -23,755 +23,1298 @@ objects: ref_id: A.5.1 name: Policies for information security category: policy + description: This control establishes and maintains information security policies + aligned with organizational objectives. Measures include defining scope, setting + goals, and ensuring alignment with compliance requirements. translations: fr: name: "Politiques de s\xE9curit\xE9 de l'information" - description: null + description: "Cette mesure de s\xE9curit\xE9 \xE9tablit et maintient des politiques\ + \ de s\xE9curit\xE9 de l'information align\xE9es sur les objectifs organisationnels.\ + \ Les mesures incluent la d\xE9finition de la port\xE9e, la fixation des\ + \ objectifs et l'alignement avec les exigences de conformit\xE9." - urn: urn:intuitem:risk:function:doc-pol:a.5.2 ref_id: A.5.2 name: Information security roles and responsibilities category: process + description: This control defines and assigns roles and responsibilities for information + security to ensure accountability. Measures include clear documentation of responsibilities, + periodic reviews, and enforcement mechanisms. translations: fr: name: "Fonctions et responsabilit\xE9s li\xE9es \xE0 la s\xE9curit\xE9 de\ \ l'information" - description: null + description: "Cette mesure de s\xE9curit\xE9 d\xE9finit et attribue des r\xF4\ + les et responsabilit\xE9s en mati\xE8re de s\xE9curit\xE9 de l'information\ + \ pour garantir la responsabilit\xE9. Les mesures incluent une documentation\ + \ claire des responsabilit\xE9s, des revues p\xE9riodiques et des m\xE9\ + canismes d'application." - urn: urn:intuitem:risk:function:doc-pol:a.5.3 ref_id: A.5.3 name: Segregation of duties category: process + description: This control ensures segregation of duties to reduce the risk of + errors, fraud, and unauthorized access. Measures include role separation, access + restrictions, and regular audits. 
translations: fr: name: "S\xE9paration des t\xE2ches" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit la s\xE9paration des\ + \ t\xE2ches pour r\xE9duire le risque d'erreurs, de fraude et d'acc\xE8\ + s non autoris\xE9. Les mesures incluent la s\xE9paration des r\xF4les, des\ + \ restrictions d'acc\xE8s et des audits r\xE9guliers." - urn: urn:intuitem:risk:function:doc-pol:a.5.4 ref_id: A.5.4 name: Management responsibilities category: process + description: This control ensures management responsibilities for information + security are clearly defined and implemented. Measures include setting objectives, + allocating resources, and overseeing compliance. translations: fr: name: "Responsabilit\xE9s de la direction" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les responsabilit\xE9\ + s de gestion en mati\xE8re de s\xE9curit\xE9 de l'information sont clairement\ + \ d\xE9finies et mises en \u0153uvre. Les mesures incluent la fixation d'objectifs,\ + \ l'allocation de ressources et la supervision de la conformit\xE9." - urn: urn:intuitem:risk:function:doc-pol:a.5.5 ref_id: A.5.5 name: Contact with authorities category: process + description: This control ensures timely communication with relevant authorities + during information security incidents. Measures include establishing contact + protocols, maintaining updated contact lists, and assigning responsibilities. translations: fr: name: "Contact avec les autorit\xE9s" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit une communication rapide\ + \ avec les autorit\xE9s comp\xE9tentes en cas d'incidents de s\xE9curit\xE9\ + \ de l'information. Les mesures incluent des protocoles de contact, des\ + \ listes de contacts \xE0 jour et l'attribution de responsabilit\xE9s." 
- urn: urn:intuitem:risk:function:doc-pol:a.5.6 ref_id: A.5.6 name: Contact with special interest groups category: process + description: This control facilitates contact with special interest groups to + stay informed about security trends and practices. Measures include participation + in forums, memberships, and collaborative initiatives. translations: fr: name: "Contact avec des groupes d'int\xE9r\xEAt sp\xE9cifiques" - description: null + description: "Cette mesure de s\xE9curit\xE9 facilite le contact avec des\ + \ groupes d'int\xE9r\xEAt pour rester inform\xE9 des tendances et pratiques\ + \ en mati\xE8re de s\xE9curit\xE9. Les mesures incluent la participation\ + \ \xE0 des forums, des adh\xE9sions et des initiatives collaboratives." - urn: urn:intuitem:risk:function:doc-pol:a.5.7 ref_id: A.5.7 name: Threat intelligence category: process + description: This control ensures threat intelligence is developed and maintained + to identify and mitigate security risks. Measures include monitoring threat + feeds, analyzing trends, and sharing actionable insights. translations: fr: name: Renseignements sur les menaces - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que des renseignements\ + \ sur les menaces sont d\xE9velopp\xE9s et maintenus pour identifier et\ + \ att\xE9nuer les risques de s\xE9curit\xE9. Les mesures incluent le suivi\ + \ des flux de menaces, l'analyse des tendances et le partage d'informations\ + \ exploitables." - urn: urn:intuitem:risk:function:doc-pol:a.5.8 ref_id: A.5.8 name: Information security in project management category: process + description: This control incorporates information security into project management + practices. Measures include risk assessments, compliance reviews, and security + checkpoints during project lifecycles. 
translations: fr: name: "S\xE9curit\xE9 de l'information dans la gestion de projet" - description: null + description: "Cette mesure de s\xE9curit\xE9 int\xE8gre la s\xE9curit\xE9\ + \ de l'information dans les pratiques de gestion de projet. Les mesures\ + \ incluent les \xE9valuations des risques, les revues de conformit\xE9 et\ + \ les points de contr\xF4le de s\xE9curit\xE9 tout au long du cycle de vie\ + \ du projet." - urn: urn:intuitem:risk:function:doc-pol:a.5.9 ref_id: A.5.9 name: Inventory of information and other associated assets category: process + description: This control ensures an accurate inventory of information and associated + assets is maintained. Measures include asset tracking, periodic audits, and + classification by sensitivity. translations: fr: name: "Inventaire des informations et autres actifs associ\xE9s" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit qu\u2019un inventaire\ + \ pr\xE9cis des informations et des actifs associ\xE9s est maintenu. Les\ + \ mesures incluent le suivi des actifs, des audits p\xE9riodiques et une\ + \ classification par sensibilit\xE9." - urn: urn:intuitem:risk:function:doc-pol:a.5.10 ref_id: A.5.10 name: Acceptable use of information and other associated assets category: process + description: This control defines acceptable use of information and associated + assets to ensure proper handling. Measures include documented policies, user + training, and enforcement mechanisms. translations: fr: name: "Utilisation correcte des informations et autres actifs associ\xE9s" - description: null + description: "Cette mesure de s\xE9curit\xE9 d\xE9finit les r\xE8gles d'utilisation\ + \ acceptable des informations et des actifs associ\xE9s pour assurer une\ + \ manipulation appropri\xE9e. Les mesures incluent des politiques document\xE9\ + es, la formation des utilisateurs et des m\xE9canismes d'application." 
- urn: urn:intuitem:risk:function:doc-pol:a.5.11 ref_id: A.5.11 name: Return of assets category: process + description: This control ensures the secure return of assets when employees or + contractors leave or change roles. Measures include checklists, asset tracking, + and decommissioning protocols. translations: fr: name: Restitution des actifs - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit le retour s\xE9curis\xE9\ + \ des actifs lorsque des employ\xE9s ou des sous-traitants quittent ou changent\ + \ de r\xF4le. Les mesures incluent des listes de contr\xF4le, le suivi des\ + \ actifs et des protocoles de d\xE9sactivation." - urn: urn:intuitem:risk:function:doc-pol:a.5.12 ref_id: A.5.12 name: Classification of information category: process + description: This control ensures information is classified based on its sensitivity + and value to ensure appropriate protection. Measures include classification + schemes, access restrictions, and labeling guidelines. translations: fr: name: Classification des informations - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les informations\ + \ sont class\xE9es en fonction de leur sensibilit\xE9 et de leur valeur\ + \ pour assurer une protection ad\xE9quate. Les mesures incluent des sch\xE9\ + mas de classification, des restrictions d'acc\xE8s et des directives d'\xE9\ + tiquetage." - urn: urn:intuitem:risk:function:doc-pol:a.5.13 ref_id: A.5.13 name: Labelling of information category: process + description: This control ensures consistent labeling of information to reflect + its classification and handling requirements. Measures include standardized + templates, training, and audits. translations: fr: name: Marquage des informations - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit un \xE9tiquetage coh\xE9\ + rent des informations pour refl\xE9ter leur classification et leurs exigences\ + \ de traitement. 
Les mesures incluent des mod\xE8les standardis\xE9s, des\ + \ formations et des audits." - urn: urn:intuitem:risk:function:doc-pol:a.5.14 ref_id: A.5.14 name: Information transfer category: process + description: This control establishes secure processes for transferring information + between systems or organizations. Measures include encryption, access controls, + and secure transfer protocols. translations: fr: name: Transfert des informations - description: null + description: "Cette mesure de s\xE9curit\xE9 \xE9tablit des processus s\xE9\ + curis\xE9s pour le transfert d'informations entre syst\xE8mes ou organisations.\ + \ Les mesures incluent le chiffrement, les contr\xF4les d'acc\xE8s et les\ + \ protocoles de transfert s\xE9curis\xE9s." - urn: urn:intuitem:risk:function:doc-pol:a.5.15 ref_id: A.5.15 name: Access control category: process + description: This control implements and maintains access control mechanisms to + restrict access to authorized individuals. Measures include role-based access, + multi-factor authentication, and periodic reviews. translations: fr: name: "Contr\xF4le d'acc\xE8s" - description: null + description: "Cette mesure de s\xE9curit\xE9 met en \u0153uvre et maintient\ + \ des m\xE9canismes de contr\xF4le d'acc\xE8s pour limiter l'acc\xE8s aux\ + \ individus autoris\xE9s. Les mesures incluent des contr\xF4les bas\xE9\ + s sur les r\xF4les, l'authentification multifacteur et des revues p\xE9\ + riodiques." - urn: urn:intuitem:risk:function:doc-pol:a.5.16 ref_id: A.5.16 name: Identity management category: process + description: This control ensures identities are managed securely to guarantee + accurate and reliable access to systems. Measures include identity verification, + lifecycle management, and access provisioning. 
translations: fr: name: "Gestion des identit\xE9s" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les identit\xE9\ + s sont g\xE9r\xE9es de mani\xE8re s\xE9curis\xE9e pour garantir un acc\xE8\ + s pr\xE9cis et fiable aux syst\xE8mes. Les mesures incluent la v\xE9rification\ + \ d'identit\xE9, la gestion du cycle de vie et l'approvisionnement des acc\xE8\ + s." - urn: urn:intuitem:risk:function:doc-pol:a.5.17 ref_id: A.5.17 name: Authentication information category: process + description: This control protects authentication information, such as passwords, + to prevent unauthorized access. Measures include encryption, secure storage, + and periodic password updates. translations: fr: name: Informations d'authentification - description: null + description: "Cette mesure de s\xE9curit\xE9 prot\xE8ge les informations d'authentification,\ + \ telles que les mots de passe, pour emp\xEAcher tout acc\xE8s non autoris\xE9\ + . Les mesures incluent le chiffrement, le stockage s\xE9curis\xE9 et les\ + \ mises \xE0 jour p\xE9riodiques des mots de passe." - urn: urn:intuitem:risk:function:doc-pol:a.5.18 ref_id: A.5.18 name: Access rights category: process + description: This control ensures access rights are regularly reviewed and managed + to align with roles and responsibilities. Measures include periodic audits, + access revocation, and automated access management. translations: fr: name: "Droits d'acc\xE8s" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les droits d'acc\xE8\ + s sont r\xE9guli\xE8rement revus et g\xE9r\xE9s pour s'aligner sur les r\xF4\ + les et responsabilit\xE9s. Les mesures incluent des audits p\xE9riodiques,\ + \ la r\xE9vocation des acc\xE8s et la gestion automatis\xE9e des acc\xE8\ + s." 
- urn: urn:intuitem:risk:function:doc-pol:a.5.19 ref_id: A.5.19 name: Information security in supplier relationships category: process + description: This control ensures information security is embedded in supplier + relationships and processes. Measures include due diligence, security reviews, + and ongoing monitoring. translations: fr: name: "S\xE9curit\xE9 de l'information dans les relations avec les fournisseurs" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que la s\xE9curit\xE9\ + \ de l'information est int\xE9gr\xE9e dans les relations et processus avec\ + \ les fournisseurs. Les mesures incluent la diligence raisonnable, les revues\ + \ de s\xE9curit\xE9 et la surveillance continue." - urn: urn:intuitem:risk:function:doc-pol:a.5.20 ref_id: A.5.20 name: Addressing information security within supplier agreements category: process + description: This control addresses information security requirements within supplier + agreements. Measures include explicit contract clauses, compliance audits, and + defined penalties for violations. translations: fr: name: "La s\xE9curit\xE9 de l'information dans les accords conclus avec les\ \ fournisseurs" - description: null + description: "Cette mesure de s\xE9curit\xE9 aborde les exigences de s\xE9\ + curit\xE9 de l'information dans les accords avec les fournisseurs. Les mesures\ + \ incluent des clauses contractuelles explicites, des audits de conformit\xE9\ + \ et des p\xE9nalit\xE9s d\xE9finies pour les violations." - urn: urn:intuitem:risk:function:doc-pol:a.5.21 ref_id: A.5.21 name: Managing information security in the ICT supply chain category: process + description: This control manages information security risks in the ICT supply + chain to ensure security of services and components. Measures include risk assessments, + supplier evaluations, and incident response protocols. 
translations: fr: name: "Gestion de la s\xE9curit\xE9 de l'information dans la cha\xEEne d'approvisionnement\ \ des technologies de l'information et de la communication (TIC)" - description: null + description: "Cette mesure de s\xE9curit\xE9 g\xE8re les risques de s\xE9\ + curit\xE9 de l'information dans la cha\xEEne d'approvisionnement TIC pour\ + \ garantir la s\xE9curit\xE9 des services et des composants. Les mesures\ + \ incluent des \xE9valuations des risques, des \xE9valuations des fournisseurs\ + \ et des protocoles de r\xE9ponse aux incidents." - urn: urn:intuitem:risk:function:doc-pol:a.5.22 ref_id: A.5.22 name: Monitor, review and change management of supplier services category: process + description: This control ensures supplier services are monitored, reviewed, and + adjusted to maintain information security. Measures include service level agreements, + periodic reviews, and contract updates. translations: fr: name: "Surveillance, r\xE9vision et gestion des changements des services fournisseurs" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les services des\ + \ fournisseurs sont surveill\xE9s, revus et ajust\xE9s pour maintenir la\ + \ s\xE9curit\xE9 de l'information. Les mesures incluent des accords de niveau\ + \ de service, des revues p\xE9riodiques et des mises \xE0 jour contractuelles." - urn: urn:intuitem:risk:function:doc-pol:a.5.23 ref_id: A.5.23 name: Information security for use of cloud services category: process + description: This control ensures the secure use of cloud services by addressing + associated risks. Measures include data encryption, access controls, and provider + compliance reviews. translations: fr: name: "S\xE9curit\xE9 de l'information dans l'utilisation de services en nuage" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit l'utilisation s\xE9\ + curis\xE9e des services cloud en abordant les risques associ\xE9s. 
Les mesures\ + \ incluent le chiffrement des donn\xE9es, les contr\xF4les d'acc\xE8s et\ + \ les revues de conformit\xE9 des fournisseurs." - urn: urn:intuitem:risk:function:doc-pol:a.5.24 ref_id: A.5.24 name: Information security incident management planning and preparation category: process + description: This control ensures proper planning and preparation for managing + information security incidents. Measures include incident response plans, training + exercises, and communication protocols. translations: fr: name: "Planification et pr\xE9paration de la gestion des incidents de s\xE9\ curit\xE9 de l'information" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit une planification et\ + \ une pr\xE9paration ad\xE9quates pour la gestion des incidents de s\xE9\ + curit\xE9 de l'information. Les mesures incluent des plans de r\xE9ponse\ + \ aux incidents, des exercices de formation et des protocoles de communication." - urn: urn:intuitem:risk:function:doc-pol:a.5.25 ref_id: A.5.25 name: Assessment and decision on information security events category: process + description: This control establishes processes for assessing and deciding on + actions related to information security events. Measures include root cause + analysis, risk evaluation, and mitigation plans. translations: fr: name: "\xC9valuation des \xE9v\xE9nements de s\xE9curit\xE9 de l'information\ \ et prise de d\xE9cision" - description: null + description: "Cette mesure de s\xE9curit\xE9 \xE9tablit des processus pour\ + \ \xE9valuer et d\xE9cider des actions li\xE9es aux \xE9v\xE9nements de\ + \ s\xE9curit\xE9 de l'information. Les mesures incluent l'analyse des causes\ + \ profondes, l'\xE9valuation des risques et des plans d'att\xE9nuation." 
- urn: urn:intuitem:risk:function:doc-pol:a.5.26 ref_id: A.5.26 name: Response to information security incidents category: process + description: This control ensures effective response to information security incidents + to minimize impact and recover quickly. Measures include incident reporting, + escalation protocols, and containment strategies. translations: fr: name: "R\xE9ponse aux incidents de s\xE9curit\xE9 de l'information" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit une r\xE9ponse efficace\ + \ aux incidents de s\xE9curit\xE9 de l'information pour minimiser l'impact\ + \ et r\xE9cup\xE9rer rapidement. Les mesures incluent le signalement des\ + \ incidents, des protocoles d'escalade et des strat\xE9gies de confinement." - urn: urn:intuitem:risk:function:doc-pol:a.5.27 ref_id: A.5.27 name: Learning from information security incidents category: process + description: This control ensures lessons learned from information security incidents + are documented and implemented to improve processes. Measures include post-incident + reviews, action plans, and policy updates. translations: fr: name: "Tirer des enseignements des incidents de s\xE9curit\xE9 de l'information" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les le\xE7ons tir\xE9\ + es des incidents de s\xE9curit\xE9 de l'information sont document\xE9es\ + \ et mises en \u0153uvre pour am\xE9liorer les processus. Les mesures incluent\ + \ des revues post-incidents, des plans d'action et des mises \xE0 jour des\ + \ politiques." - urn: urn:intuitem:risk:function:doc-pol:a.5.28 ref_id: A.5.28 name: Collection of evidence category: process + description: This control ensures evidence is collected and preserved during security + incidents to support investigations. Measures include chain-of-custody procedures, + secure storage, and access controls. 
translations: fr: name: Collecte de preuves - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les preuves sont\ + \ collect\xE9es et conserv\xE9es lors des incidents de s\xE9curit\xE9 pour\ + \ soutenir les enqu\xEAtes. Les mesures incluent des proc\xE9dures de cha\xEE\ + ne de conservation, le stockage s\xE9curis\xE9 et les contr\xF4les d'acc\xE8\ + s." - urn: urn:intuitem:risk:function:doc-pol:a.5.29 ref_id: A.5.29 name: Information security during disruption category: process + description: This control ensures information security is maintained during disruptions + to guarantee continuity of operations. Measures include contingency plans, backup + systems, and failover mechanisms. translations: fr: name: "S\xE9curit\xE9 de l'information pendant une perturbation" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que la s\xE9curit\xE9\ + \ de l'information est maintenue pendant les perturbations pour assurer\ + \ la continuit\xE9 des op\xE9rations. Les mesures incluent des plans de\ + \ contingence, des syst\xE8mes de sauvegarde et des m\xE9canismes de basculement." - urn: urn:intuitem:risk:function:doc-pol:a.5.30 ref_id: A.5.30 name: ICT readiness for business continuity category: process + description: This control ensures ICT readiness for business continuity to minimize + downtime during disruptions. Measures include testing recovery plans, redundant + systems, and disaster recovery sites. translations: fr: name: "Pr\xE9paration des TIC la continuit\xE9 d'activit\xE9" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit la pr\xE9paration TIC\ + \ pour la continuit\xE9 des activit\xE9s afin de minimiser les temps d'arr\xEA\ + t pendant les perturbations. Les mesures incluent des tests de plans de\ + \ reprise, des syst\xE8mes redondants et des sites de reprise apr\xE8s sinistre." 
- urn: urn:intuitem:risk:function:doc-pol:a.5.31 ref_id: A.5.31 name: Legal, statutory, regulatory and contractual requirements category: process + description: This control ensures compliance with legal, statutory, regulatory, + and contractual information security requirements. Measures include policy reviews, + audits, and evidence documentation. translations: fr: name: "Exigences l\xE9gales, statutaires, r\xE9glementaires et contractuelles" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit la conformit\xE9 aux\ + \ exigences l\xE9gales, r\xE9glementaires et contractuelles en mati\xE8\ + re de s\xE9curit\xE9 de l'information. Les mesures incluent des revues de\ + \ politiques, des audits et la documentation des preuves." - urn: urn:intuitem:risk:function:doc-pol:a.5.32 ref_id: A.5.32 name: ' Intellectual property rights' category: process + description: This control ensures intellectual property rights are protected through + appropriate information security measures. Measures include access restrictions, + encryption, and legal agreements. translations: fr: name: " Droits de propri\xE9t\xE9 intellectuelle" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit la protection des droits\ + \ de propri\xE9t\xE9 intellectuelle par des mesures de s\xE9curit\xE9 de\ + \ l'information appropri\xE9es. Les mesures incluent des restrictions d'acc\xE8\ + s, le chiffrement et des accords l\xE9gaux." - urn: urn:intuitem:risk:function:doc-pol:a.5.33 ref_id: A.5.33 name: Protection of records category: process + description: This control ensures records are securely stored and protected to + prevent loss or unauthorized access. Measures include retention policies, secure + storage, and access controls. 
translations: fr: name: Protection des enregistrements - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les enregistrements\ + \ sont stock\xE9s et prot\xE9g\xE9s de mani\xE8re s\xE9curis\xE9e pour pr\xE9\ + venir toute perte ou acc\xE8s non autoris\xE9. Les mesures incluent des\ + \ politiques de r\xE9tention, un stockage s\xE9curis\xE9 et des contr\xF4\ + les d'acc\xE8s." - urn: urn:intuitem:risk:function:doc-pol:a.5.34 ref_id: A.5.34 name: Privacy and protection of PII category: process + description: This control protects privacy and ensures the secure handling of + personally identifiable information (PII). Measures include anonymization, encryption, + and compliance with privacy laws. translations: fr: name: "Protection de la vie priv\xE9e et des donn\xE9es \xE0 caract\xE8re\ \ personnel (DCP)" - description: null + description: "Cette mesure de s\xE9curit\xE9 prot\xE8ge la confidentialit\xE9\ + \ et garantit le traitement s\xE9curis\xE9 des informations personnellement\ + \ identifiables (PII). Les mesures incluent l'anonymisation, le chiffrement\ + \ et la conformit\xE9 aux lois sur la confidentialit\xE9." - urn: urn:intuitem:risk:function:doc-pol:a.5.35 ref_id: A.5.35 name: Independent review of information security category: process + description: This control ensures independent reviews of information security + to evaluate effectiveness and compliance. Measures include external audits, + risk assessments, and follow-up actions. translations: fr: name: "R\xE9vision ind\xE9pendante de la s\xE9curit\xE9 de l'information" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit des revues ind\xE9pendantes\ + \ de la s\xE9curit\xE9 de l'information pour \xE9valuer l'efficacit\xE9\ + \ et la conformit\xE9. Les mesures incluent des audits externes, des \xE9\ + valuations des risques et des actions de suivi." 
- urn: urn:intuitem:risk:function:doc-pol:a.5.36 ref_id: A.5.36 name: Compliance with policies, rules and standards for information security category: process + description: This control ensures compliance with all policies, rules, and standards + for information security. Measures include regular training, policy reviews, + and enforcement mechanisms. translations: fr: name: "Conformit\xE9 aux politiques, r\xE8gles et normes de s\xE9curit\xE9\ \ de l'information" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit la conformit\xE9 \xE0\ + \ toutes les politiques, r\xE8gles et normes en mati\xE8re de s\xE9curit\xE9\ + \ de l'information. Les mesures incluent des formations r\xE9guli\xE8res,\ + \ des revues de politiques et des m\xE9canismes d'application." - urn: urn:intuitem:risk:function:doc-pol:a.5.37 ref_id: A.5.37 name: Documented operating procedures category: process + description: This control develops and maintains documented operating procedures + to ensure consistency in security practices. Measures include process documentation, + version control, and accessibility. translations: fr: name: "Proc\xE9dures d'exploitation document\xE9es" - description: null + description: "Cette mesure de s\xE9curit\xE9 d\xE9veloppe et maintient des\ + \ proc\xE9dures op\xE9rationnelles document\xE9es pour garantir la coh\xE9\ + rence des pratiques de s\xE9curit\xE9. Les mesures incluent la documentation\ + \ des processus, le contr\xF4le des versions et l'accessibilit\xE9." - urn: urn:intuitem:risk:function:doc-pol:a.6.1 ref_id: A.6.1 name: Screening category: process + description: This control ensures the implementation of screening processes to + verify the suitability of candidates before employment. Measures include background + checks, identity verification, and assessment of qualifications to reduce security + risks. 
translations: fr: name: "S\xE9lection des candidats" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit la mise en \u0153uvre\ + \ de processus de v\xE9rification pour \xE9valuer l'ad\xE9quation des candidats\ + \ avant leur embauche. Les mesures incluent des v\xE9rifications des ant\xE9\ + c\xE9dents, la v\xE9rification d'identit\xE9 et l'\xE9valuation des qualifications\ + \ pour r\xE9duire les risques de s\xE9curit\xE9." - urn: urn:intuitem:risk:function:doc-pol:a.6.2 ref_id: A.6.2 name: Terms and conditions of employment category: process + description: This control ensures that terms and conditions of employment include + information security responsibilities. Measures include explicit clauses about + confidentiality, compliance with policies, and consequences for breaches. translations: fr: name: Termes et conditions du contrat de travail - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les termes et conditions\ + \ d'emploi incluent des responsabilit\xE9s en mati\xE8re de s\xE9curit\xE9\ + \ de l'information. Les mesures incluent des clauses explicites sur la confidentialit\xE9\ + , le respect des politiques et les cons\xE9quences des violations." - urn: urn:intuitem:risk:function:doc-pol:a.6.3 ref_id: A.6.3 name: Information security awareness, education and training category: process + description: This control ensures that employees receive regular information security + awareness, education, and training. Measures include scheduled training sessions, + e-learning programs, and simulated phishing exercises. translations: fr: name: "Sensibilisation, enseignement et formation en s\xE9curit\xE9 de l'information" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les employ\xE9s\ + \ re\xE7oivent une sensibilisation, une \xE9ducation et une formation r\xE9\ + guli\xE8res en mati\xE8re de s\xE9curit\xE9 de l'information. 
Les mesures\ + \ incluent des sessions de formation planifi\xE9es, des programmes d'apprentissage\ + \ en ligne et des exercices de phishing simul\xE9s." - urn: urn:intuitem:risk:function:doc-pol:a.6.4 ref_id: A.6.4 name: Disciplinary process category: process + description: This control establishes a disciplinary process to address breaches + of information security policies. Measures include clear guidelines, escalation + procedures, and consistent enforcement to maintain accountability. translations: fr: name: "Proc\xE9dure disciplinaire" - description: null + description: "Cette mesure de s\xE9curit\xE9 \xE9tablit un processus disciplinaire\ + \ pour traiter les violations des politiques de s\xE9curit\xE9 de l'information.\ + \ Les mesures incluent des lignes directrices claires, des proc\xE9dures\ + \ d'escalade et une application coh\xE9rente pour maintenir la responsabilit\xE9\ + ." - urn: urn:intuitem:risk:function:doc-pol:a.6.5 ref_id: A.6.5 name: Responsibilities after termination or change of employment category: process + description: This control ensures that responsibilities related to information + security are defined and enforced after termination or role changes. Measures + include revoking access rights, collecting organizational assets, and conducting + exit interviews. translations: fr: name: "Responsabilit\xE9s apr\xE8s la fin ou le changement d'emploi" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les responsabilit\xE9\ + s li\xE9es \xE0 la s\xE9curit\xE9 de l'information sont d\xE9finies et appliqu\xE9\ + es apr\xE8s la fin d\u2019un contrat ou un changement de r\xF4le. Les mesures\ + \ incluent la r\xE9vocation des droits d'acc\xE8s, la r\xE9cup\xE9ration\ + \ des actifs de l'organisation et la r\xE9alisation d'entretiens de sortie." 
- urn: urn:intuitem:risk:function:doc-pol:a.6.6 ref_id: A.6.6 name: Confidentiality or non-disclosure agreements category: process + description: This control implements confidentiality or non-disclosure agreements + to protect sensitive information. Measures include signed agreements at the + start of employment, periodic reminders, and enforcement of legal actions in + case of violations. translations: fr: name: "Accords de confidentialit\xE9 ou de non-divulgation" - description: null + description: "Cette mesure de s\xE9curit\xE9 met en \u0153uvre des accords\ + \ de confidentialit\xE9 ou de non-divulgation pour prot\xE9ger les informations\ + \ sensibles. Les mesures incluent des accords sign\xE9s au d\xE9but de l'emploi,\ + \ des rappels p\xE9riodiques et l'application d'actions l\xE9gales en cas\ + \ de violations." - urn: urn:intuitem:risk:function:doc-pol:a.6.7 ref_id: A.6.7 name: Remote working category: process + description: This control ensures the secure management of information security + risks during remote working. Measures include secure access to corporate systems, + mandatory use of VPNs, and policies for handling sensitive data remotely. translations: fr: name: "Travail \xE0 distance" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit la gestion s\xE9curis\xE9\ + e des risques li\xE9s \xE0 la s\xE9curit\xE9 de l'information pendant le\ + \ t\xE9l\xE9travail. Les mesures incluent un acc\xE8s s\xE9curis\xE9 aux\ + \ syst\xE8mes de l'entreprise, l'utilisation obligatoire de VPN et des politiques\ + \ pour la gestion des donn\xE9es sensibles \xE0 distance." - urn: urn:intuitem:risk:function:doc-pol:a.6.8 ref_id: A.6.8 name: Information security event reporting category: process + description: This control ensures employees can promptly report information security + events. Measures include incident reporting channels, awareness campaigns, and + follow-up procedures to investigate and address reported events. 
translations: fr: name: "D\xE9claration des \xE9v\xE9nements de s\xE9curit\xE9 de l'information" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les employ\xE9s\ + \ peuvent signaler rapidement les \xE9v\xE9nements de s\xE9curit\xE9 de\ + \ l'information. Les mesures incluent des canaux de signalement d'incidents,\ + \ des campagnes de sensibilisation et des proc\xE9dures de suivi pour enqu\xEA\ + ter et traiter les \xE9v\xE9nements signal\xE9s." - urn: urn:intuitem:risk:function:doc-pol:a.7.1 ref_id: A.7.1 name: Physical security perimeters category: physical + description: This control establishes physical security perimeters to protect + critical areas from unauthorized access. Measures include barriers, access controls, + and monitoring systems to ensure only authorized individuals can enter. translations: fr: name: "P\xE9rim\xE8tres de s\xE9curit\xE9 physique" - description: null + description: "Cette mesure de s\xE9curit\xE9 \xE9tablit des p\xE9rim\xE8tres\ + \ de s\xE9curit\xE9 physique pour prot\xE9ger les zones critiques contre\ + \ les acc\xE8s non autoris\xE9s. Les mesures incluent des barri\xE8res,\ + \ des contr\xF4les d'acc\xE8s et des syst\xE8mes de surveillance pour garantir\ + \ que seules les personnes autoris\xE9es peuvent entrer." - urn: urn:intuitem:risk:function:doc-pol:a.7.2 ref_id: A.7.2 name: Physical entry category: physical + description: This control ensures physical entry points are controlled and monitored + to prevent unauthorized access. Measures include badge systems, security personnel, + and visitor logs. translations: fr: name: "Les entr\xE9es physiques" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les points d'entr\xE9\ + e physiques sont contr\xF4l\xE9s et surveill\xE9s pour emp\xEAcher les acc\xE8\ + s non autoris\xE9s. Les mesures incluent des syst\xE8mes de badges, du personnel\ + \ de s\xE9curit\xE9 et des registres des visiteurs." 
- urn: urn:intuitem:risk:function:doc-pol:a.7.3 ref_id: A.7.3 name: Securing offices, rooms and facilities category: physical + description: This control ensures that offices, rooms, and facilities are secured + to protect information and resources. Measures include locked doors, restricted + areas, and surveillance systems. translations: fr: name: "S\xE9curisation des bureaux, des salles et des installations" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les bureaux, les\ + \ pi\xE8ces et les installations sont s\xE9curis\xE9s pour prot\xE9ger les\ + \ informations et les ressources. Les mesures incluent des portes verrouill\xE9\ + es, des zones restreintes et des syst\xE8mes de surveillance." - urn: urn:intuitem:risk:function:doc-pol:a.7.4 ref_id: A.7.4 name: Physical security monitoring category: physical + description: This control implements physical security monitoring to detect and + respond promptly to threats. Measures include CCTV systems, motion detectors, + and real-time alerts. translations: fr: name: "Surveillance de la s\xE9curit\xE9 physique" - description: null + description: "Cette mesure de s\xE9curit\xE9 met en \u0153uvre une surveillance\ + \ de la s\xE9curit\xE9 physique pour d\xE9tecter et r\xE9pondre rapidement\ + \ aux menaces. Les mesures incluent des syst\xE8mes de vid\xE9osurveillance,\ + \ des d\xE9tecteurs de mouvement et des alertes en temps r\xE9el." - urn: urn:intuitem:risk:function:doc-pol:a.7.5 ref_id: A.7.5 name: Protecting against physical and environmental threats category: physical + description: This control protects systems and resources from physical and environmental + threats. Measures include fire suppression systems, temperature controls, and + flood prevention barriers. 
translations: fr: name: Protection contre les menaces physiques et environnementales - description: null + description: "Cette mesure de s\xE9curit\xE9 prot\xE8ge les syst\xE8mes et\ + \ les ressources contre les menaces physiques et environnementales. Les\ + \ mesures incluent des syst\xE8mes de suppression d'incendie, des contr\xF4\ + les de temp\xE9rature et des barri\xE8res anti-inondation." - urn: urn:intuitem:risk:function:doc-pol:a.7.6 ref_id: A.7.6 name: Working In secure areas category: physical + description: This control ensures that secure areas are managed to allow authorized + access only. Measures include access control systems, visitor escorts, and activity + monitoring. translations: fr: name: "Travail dans les zones s\xE9curis\xE9es" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les zones s\xE9\ + curis\xE9es sont g\xE9r\xE9es pour permettre l'acc\xE8s uniquement aux personnes\ + \ autoris\xE9es. Les mesures incluent des syst\xE8mes de contr\xF4le d'acc\xE8\ + s, des escortes pour visiteurs et la surveillance des activit\xE9s." - urn: urn:intuitem:risk:function:doc-pol:a.7.7 ref_id: A.7.7 name: Clear desk and clear screen category: physical + description: This control ensures sensitive information is not left exposed by + adopting clear desk and clear screen policies. Measures include locking sensitive + documents away and auto-locking screens when not in use. translations: fr: name: "Bureau propre et \xE9cran vide" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les informations\ + \ sensibles ne sont pas laiss\xE9es expos\xE9es en adoptant des politiques\ + \ de bureau propre et d'\xE9cran clair. Les mesures incluent le verrouillage\ + \ des documents sensibles et le verrouillage automatique des \xE9crans en\ + \ cas d'inutilisation." 
- urn: urn:intuitem:risk:function:doc-pol:a.7.8 ref_id: A.7.8 name: Equipment siting and protection category: physical + description: This control ensures that equipment is positioned and protected to + prevent unauthorized access or damage. Measures include secure mounting, locked + cabinets, and restricted access areas. translations: fr: name: "Emplacement et protection du mat\xE9riel" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les \xE9quipements\ + \ sont positionn\xE9s et prot\xE9g\xE9s pour pr\xE9venir les acc\xE8s non\ + \ autoris\xE9s ou les dommages. Les mesures incluent des montages s\xE9\ + curis\xE9s, des armoires verrouill\xE9es et des zones d'acc\xE8s restreintes." - urn: urn:intuitem:risk:function:doc-pol:a.7.9 ref_id: A.7.9 name: Security of assets off-premises category: physical + description: This control ensures assets used or stored off-premises are secured + to maintain confidentiality and integrity. Measures include encryption, secure + transport, and access tracking. translations: fr: name: "S\xE9curit\xE9 des actifs hors des locaux" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les actifs utilis\xE9\ + s ou stock\xE9s hors des locaux sont s\xE9curis\xE9s pour maintenir leur\ + \ confidentialit\xE9 et leur int\xE9grit\xE9. Les mesures incluent le chiffrement,\ + \ le transport s\xE9curis\xE9 et le suivi des acc\xE8s." - urn: urn:intuitem:risk:function:doc-pol:a.7.10 ref_id: A.7.10 name: Storage media category: physical + description: This control safeguards storage media to prevent unauthorized access + or tampering. Measures include secure storage, encryption, and access restrictions. translations: fr: name: Supports de stockage - description: null + description: "Cette mesure de s\xE9curit\xE9 prot\xE8ge les supports de stockage\ + \ pour emp\xEAcher tout acc\xE8s ou alt\xE9ration non autoris\xE9. 
Les mesures\ + \ incluent le stockage s\xE9curis\xE9, le chiffrement et les restrictions\ + \ d'acc\xE8s." - urn: urn:intuitem:risk:function:doc-pol:a.7.11 ref_id: A.7.11 name: Supporting utilities category: physical + description: This control ensures that supporting utilities, such as power and + cooling systems, are reliable and protected from disruptions. Measures include + redundant systems and physical security. translations: fr: name: Services supports - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les utilitaires\ + \ de soutien, tels que les syst\xE8mes d'alimentation et de refroidissement,\ + \ sont fiables et prot\xE9g\xE9s contre les perturbations. Les mesures incluent\ + \ des syst\xE8mes redondants et une s\xE9curit\xE9 physique." - urn: urn:intuitem:risk:function:doc-pol:a.7.12 ref_id: A.7.12 name: Cabling security category: physical + description: This control ensures that cables are secured to prevent unauthorized + interception or damage. Measures include protective conduits, proper labeling, + and secure routing. translations: fr: name: "S\xE9curit\xE9 du c\xE2blage" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les c\xE2bles sont\ + \ s\xE9curis\xE9s pour pr\xE9venir toute interception ou tout dommage non\ + \ autoris\xE9. Les mesures incluent des conduits de protection, un \xE9\ + tiquetage appropri\xE9 et un routage s\xE9curis\xE9." - urn: urn:intuitem:risk:function:doc-pol:a.7.13 ref_id: A.7.13 name: Equipment maintenance category: physical + description: This control ensures that equipment is maintained to guarantee proper + functioning and prevent failures. Measures include regular servicing, secure + maintenance practices, and authorized personnel access. 
translations: fr: name: "Maintenance du mat\xE9riel" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les \xE9quipements\ + \ sont maintenus pour assurer leur bon fonctionnement et pr\xE9venir les\ + \ pannes. Les mesures incluent un entretien r\xE9gulier, des pratiques de\ + \ maintenance s\xE9curis\xE9es et un acc\xE8s r\xE9serv\xE9 au personnel\ + \ autoris\xE9." - urn: urn:intuitem:risk:function:doc-pol:a.7.14 ref_id: A.7.14 name: Secure disposal or re-use of equipment category: physical + description: This control ensures the secure disposal or reuse of equipment to + protect sensitive information. Measures include data sanitization, physical + destruction, and certified disposal processes. translations: fr: name: "\xC9limination ou recyclage s\xE9curis\xE9(e) du mat\xE9riel" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit l'\xE9limination ou\ + \ la r\xE9utilisation s\xE9curis\xE9e des \xE9quipements pour prot\xE9ger\ + \ les informations sensibles. Les mesures incluent la d\xE9sinfection des\ + \ donn\xE9es, la destruction physique et les processus de mise au rebut\ + \ certifi\xE9s." - urn: urn:intuitem:risk:function:doc-pol:a.8.1 ref_id: A.8.1 name: User end point devices category: technical + description: This control ensures the protection of endpoint devices such as laptops, + desktops, and mobile devices by implementing security measures like endpoint + detection, encryption, and secure configurations to minimize risks. translations: fr: name: Terminaux finaux des utilisateurs - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit la protection des dispositifs\ + \ de point de terminaison tels que les ordinateurs portables, de bureau\ + \ et les appareils mobiles en mettant en \u0153uvre des mesures comme la\ + \ d\xE9tection des terminaux, le chiffrement et des configurations s\xE9\ + curis\xE9es pour minimiser les risques." 
- urn: urn:intuitem:risk:function:doc-pol:a.8.2 ref_id: A.8.2 name: Privileged access rights category: technical + description: This control ensures that privileged access rights are granted, managed, + and monitored carefully to prevent misuse and enhance security. Measures include + role-based access controls, periodic reviews, and strict account management. translations: fr: name: "Droits d'acc\xE8s privil\xE9gi\xE9s" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les droits d'acc\xE8\ + s privil\xE9gi\xE9s sont accord\xE9s, g\xE9r\xE9s et surveill\xE9s avec\ + \ soin pour pr\xE9venir les abus et renforcer la s\xE9curit\xE9. Les mesures\ + \ comprennent des contr\xF4les d'acc\xE8s bas\xE9s sur les r\xF4les, des\ + \ revues p\xE9riodiques et une gestion stricte des comptes." - urn: urn:intuitem:risk:function:doc-pol:a.8.3 ref_id: A.8.3 name: Information access restriction category: technical + description: This control restricts access to sensitive information based on need-to-know + principles. Measures include user authentication, role-based permissions, and + regular access reviews. translations: fr: name: "Restriction d'acc\xE8s aux informations" - description: null + description: "Cette mesure de s\xE9curit\xE9 limite l'acc\xE8s aux informations\ + \ sensibles selon le principe du besoin d'en conna\xEEtre. Les mesures incluent\ + \ l'authentification des utilisateurs, les permissions bas\xE9es sur les\ + \ r\xF4les et des revues r\xE9guli\xE8res des acc\xE8s." - urn: urn:intuitem:risk:function:doc-pol:a.8.4 ref_id: A.8.4 name: Access to source code category: technical + description: This control secures access to source code by preventing unauthorized + viewing, modification, or exposure. Measures include version control, secure + repositories, and restricted developer access. 
translations: fr: name: "Acc\xE8s aux codes source" - description: null + description: "Cette mesure de s\xE9curit\xE9 s\xE9curise l'acc\xE8s au code\ + \ source en emp\xEAchant la visualisation, la modification ou l'exposition\ + \ non autoris\xE9es. Les mesures incluent le contr\xF4le de version, les\ + \ d\xE9p\xF4ts s\xE9curis\xE9s et l'acc\xE8s restreint aux d\xE9veloppeurs." - urn: urn:intuitem:risk:function:doc-pol:a.8.5 ref_id: A.8.5 name: Secure authentication category: technical + description: This control implements strong authentication mechanisms, such as + multi-factor authentication, to verify user identities and prevent unauthorized + access. translations: fr: name: "Authentification s\xE9curis\xE9e" - description: null + description: "Cette mesure de s\xE9curit\xE9 met en \u0153uvre des m\xE9canismes\ + \ d'authentification solides, tels que l'authentification multifacteur,\ + \ pour v\xE9rifier l'identit\xE9 des utilisateurs et emp\xEAcher les acc\xE8\ + s non autoris\xE9s." - urn: urn:intuitem:risk:function:doc-pol:a.8.6 ref_id: A.8.6 name: Capacity management category: technical + description: This control ensures system capacity is managed to provide adequate + performance and prevent disruptions. Measures include monitoring resource usage + and planning for future needs. translations: fr: name: Dimensionnement - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que la capacit\xE9 des\ + \ syst\xE8mes est g\xE9r\xE9e pour assurer des performances ad\xE9quates\ + \ et \xE9viter les perturbations. Les mesures incluent la surveillance de\ + \ l'utilisation des ressources et la planification des besoins futurs." - urn: urn:intuitem:risk:function:doc-pol:a.8.7 ref_id: A.8.7 name: Protection against malware category: technical + description: This control deploys measures like antivirus software, threat detection + tools, and regular updates to protect systems from malware and malicious attacks. 
translations: fr: name: Protection contre les programmes malveillants (malware) - description: null + description: "Cette mesure de s\xE9curit\xE9 d\xE9ploie des mesures comme\ + \ des logiciels antivirus, des outils de d\xE9tection des menaces et des\ + \ mises \xE0 jour r\xE9guli\xE8res pour prot\xE9ger les syst\xE8mes contre\ + \ les logiciels malveillants et les attaques." - urn: urn:intuitem:risk:function:doc-pol:a.8.8 ref_id: A.8.8 name: Management of technical vulnerabilities category: technical + description: This control identifies, evaluates, and remediates technical vulnerabilities + promptly to minimize security risks. Measures include vulnerability scanning + and patch management. translations: fr: name: "Gestion des vuln\xE9rabilit\xE9s techniques" - description: null + description: "Cette mesure de s\xE9curit\xE9 identifie, \xE9value et rem\xE9\ + die rapidement aux vuln\xE9rabilit\xE9s techniques pour minimiser les risques\ + \ de s\xE9curit\xE9. Les mesures incluent les analyses de vuln\xE9rabilit\xE9\ + s et la gestion des correctifs." - urn: urn:intuitem:risk:function:doc-pol:a.8.9 ref_id: A.8.9 name: Configuration management category: technical + description: This control ensures consistent management of system configurations + to maintain security settings and prevent unauthorized changes. translations: fr: name: Gestion des configurations - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit une gestion coh\xE9\ + rente des configurations des syst\xE8mes pour maintenir des param\xE8tres\ + \ s\xE9curis\xE9s et pr\xE9venir les changements non autoris\xE9s." - urn: urn:intuitem:risk:function:doc-pol:a.8.10 ref_id: A.8.10 name: Information deletion category: technical + description: This control ensures sensitive information is securely deleted when + no longer required to prevent unauthorized recovery or exposure. 
translations: fr: name: Suppression des informations - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les informations\ + \ sensibles sont supprim\xE9es de mani\xE8re s\xE9curis\xE9e lorsqu'elles\ + \ ne sont plus n\xE9cessaires pour \xE9viter toute r\xE9cup\xE9ration ou\ + \ exposition non autoris\xE9e." - urn: urn:intuitem:risk:function:doc-pol:a.8.11 ref_id: A.8.11 name: Data masking category: technical + description: This control protects sensitive information during processing or + display by using data masking techniques to obscure data from unauthorized users. translations: fr: name: "Masquage des donn\xE9es" - description: null + description: "Cette mesure de s\xE9curit\xE9 prot\xE8ge les informations sensibles\ + \ lors de leur traitement ou affichage en utilisant des techniques de masquage\ + \ des donn\xE9es pour les rendre inaccessibles aux utilisateurs non autoris\xE9\ + s." - urn: urn:intuitem:risk:function:doc-pol:a.8.12 ref_id: A.8.12 name: Data leakage prevention category: technical + description: This control implements mechanisms to prevent the accidental exposure + of sensitive data through email, removable media, or other channels. translations: fr: name: "Pr\xE9vention de la fuite de donn\xE9es" - description: null + description: "Cette mesure de s\xE9curit\xE9 met en \u0153uvre des m\xE9canismes\ + \ pour emp\xEAcher l'exposition accidentelle des donn\xE9es sensibles via\ + \ des e-mails, des supports amovibles ou d'autres canaux." - urn: urn:intuitem:risk:function:doc-pol:a.8.13 ref_id: A.8.13 name: Information backup category: technical + description: This control ensures critical information is backed up regularly + and securely to ensure its availability in case of incidents or disasters. 
translations: fr: name: Sauvegarde des informations - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les informations\ + \ critiques sont sauvegard\xE9es r\xE9guli\xE8rement et en toute s\xE9curit\xE9\ + \ pour assurer leur disponibilit\xE9 en cas d'incidents ou de catastrophes." - urn: urn:intuitem:risk:function:doc-pol:a.8.14 ref_id: A.8.14 name: Redundancy of information processing facilities category: technical + description: This control ensures redundancy is built into processing facilities + to maintain availability and operations during system failures or emergencies. translations: fr: name: Redondance des moyens de traitement de l'information - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que la redondance est\ + \ int\xE9gr\xE9e dans les installations de traitement pour maintenir la\ + \ disponibilit\xE9 et les op\xE9rations en cas de d\xE9faillances ou d'urgences." - urn: urn:intuitem:risk:function:doc-pol:a.8.15 ref_id: A.8.15 name: Logging category: technical + description: This control enables logging of activities within systems to support + monitoring, incident detection, and forensic investigations. translations: fr: name: Journalisation - description: null + description: "Cette mesure de s\xE9curit\xE9 permet la journalisation des\ + \ activit\xE9s au sein des syst\xE8mes pour soutenir la surveillance, la\ + \ d\xE9tection des incidents et les enqu\xEAtes m\xE9dico-l\xE9gales." - urn: urn:intuitem:risk:function:doc-pol:a.8.16 ref_id: A.8.16 name: Monitoring activities category: technical + description: This control ensures the ongoing monitoring of system activities + to detect, respond to, and mitigate security threats. 
translations: fr: name: "Activit\xE9s de surveillance" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit la surveillance continue\ + \ des activit\xE9s du syst\xE8me pour d\xE9tecter, r\xE9pondre et att\xE9\ + nuer les menaces \xE0 la s\xE9curit\xE9." - urn: urn:intuitem:risk:function:doc-pol:a.8.17 ref_id: A.8.17 name: Clock synchronization category: technical + description: This control ensures system clocks are synchronized to maintain accurate + and consistent timestamps for logs and other critical processes. translations: fr: name: Synchronisation des horloges - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les horloges des\ + \ syst\xE8mes sont synchronis\xE9es pour maintenir des horodatages pr\xE9\ + cis et coh\xE9rents pour les journaux et d'autres processus critiques." - urn: urn:intuitem:risk:function:doc-pol:a.8.18 ref_id: A.8.18 name: Use of privileged utility programs category: technical + description: This control restricts and monitors the use of privileged utility + programs to prevent misuse and unauthorized actions. translations: fr: name: "Utilisation de programmes utilitaires \xE0 privil\xE8ges" - description: null + description: "Cette mesure de s\xE9curit\xE9 restreint et surveille l'utilisation\ + \ des programmes utilitaires privil\xE9gi\xE9s pour pr\xE9venir les abus\ + \ et les actions non autoris\xE9es." - urn: urn:intuitem:risk:function:doc-pol:a.8.19 ref_id: A.8.19 name: Installation of software on operational systems category: technical + description: This control ensures software installation on operational systems + is managed securely to prevent vulnerabilities or unauthorized changes. 
translations: fr: name: "Installation de logiciels sur des syst\xE8mes op\xE9rationnels" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que l'installation de\ + \ logiciels sur les syst\xE8mes op\xE9rationnels est g\xE9r\xE9e de mani\xE8\ + re s\xE9curis\xE9e pour \xE9viter les vuln\xE9rabilit\xE9s ou les modifications\ + \ non autoris\xE9es." - urn: urn:intuitem:risk:function:doc-pol:a.8.20 ref_id: A.8.20 name: Networks security category: technical + description: This control ensures network security through firewalls, intrusion + detection systems, and access controls to protect against unauthorized access + and attacks. translations: fr: name: "S\xE9curit\xE9 des r\xE9seaux" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit la s\xE9curit\xE9 du\ + \ r\xE9seau gr\xE2ce \xE0 des pare-feu, des syst\xE8mes de d\xE9tection\ + \ d'intrusion et des contr\xF4les d'acc\xE8s pour prot\xE9ger contre les\ + \ acc\xE8s non autoris\xE9s et les attaques." - urn: urn:intuitem:risk:function:doc-pol:a.8.21 ref_id: A.8.21 name: Security of network services category: technical + description: This control ensures network services are protected to maintain confidentiality, + integrity, and availability during use. translations: fr: name: "S\xE9curit\xE9 des services r\xE9seau" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les services r\xE9\ + seau sont prot\xE9g\xE9s pour maintenir la confidentialit\xE9, l'int\xE9\ + grit\xE9 et la disponibilit\xE9 pendant leur utilisation." - urn: urn:intuitem:risk:function:doc-pol:a.8.22 ref_id: A.8.22 name: Segregation of networks category: technical + description: This control implements network segregation to limit the spread of + threats and minimize the impact of potential breaches. 
translations: fr: name: "Cloisonnement des r\xE9seaux" - description: null + description: "Cette mesure de s\xE9curit\xE9 met en \u0153uvre la segmentation\ + \ des r\xE9seaux pour limiter la propagation des menaces et minimiser l'impact\ + \ des violations potentielles." - urn: urn:intuitem:risk:function:doc-pol:a.8.23 ref_id: A.8.23 name: 'Web filtering ' category: technical + description: This control uses web filtering tools to block unauthorized or harmful + content from being accessed over the internet. translations: fr: name: 'Filtrage web ' - description: null + description: "Cette mesure de s\xE9curit\xE9 utilise des outils de filtrage\ + \ Web pour bloquer le contenu non autoris\xE9 ou nuisible accessible sur\ + \ Internet." - urn: urn:intuitem:risk:function:doc-pol:a.8.24 ref_id: A.8.24 name: Use of cryptography category: technical + description: This control ensures cryptographic techniques are applied to protect + data confidentiality, integrity, and authenticity. translations: fr: name: Utilisation de la cryptographie - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que des techniques cryptographiques\ + \ sont appliqu\xE9es pour prot\xE9ger la confidentialit\xE9, l'int\xE9grit\xE9\ + \ et l'authenticit\xE9 des donn\xE9es." - urn: urn:intuitem:risk:function:doc-pol:a.8.25 ref_id: A.8.25 name: Secure development life cycle category: technical + description: This control integrates security into all stages of the development + life cycle to ensure systems and applications are built securely. translations: fr: name: "Cycle de vie de d\xE9veloppement s\xE9curis\xE9" - description: null + description: "Cette mesure de s\xE9curit\xE9 int\xE8gre la s\xE9curit\xE9\ + \ \xE0 toutes les \xE9tapes du cycle de vie du d\xE9veloppement pour garantir\ + \ que les syst\xE8mes et applications sont construits de mani\xE8re s\xE9\ + curis\xE9e." 
- urn: urn:intuitem:risk:function:doc-pol:a.8.26 ref_id: A.8.26 name: Application security requirements category: technical + description: This control defines and enforces security requirements for applications + to safeguard against vulnerabilities. translations: fr: name: "Exigences de s\xE9curit\xE9 des applications" - description: null + description: "Cette mesure de s\xE9curit\xE9 d\xE9finit et applique des exigences\ + \ de s\xE9curit\xE9 pour les applications afin de prot\xE9ger contre les\ + \ vuln\xE9rabilit\xE9s." - urn: urn:intuitem:risk:function:doc-pol:a.8.27 ref_id: A.8.27 name: Secure system architecture and engineering principles category: technical + description: This control ensures secure design principles are adopted during + the development of system architectures. translations: fr: name: "Principes d'ing\xE9nierie et d'architecture des syst\xE8mes s\xE9curis\xE9\ s" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que des principes de\ + \ conception s\xE9curis\xE9s sont adopt\xE9s lors du d\xE9veloppement des\ + \ architectures syst\xE8me." - urn: urn:intuitem:risk:function:doc-pol:a.8.28 ref_id: A.8.28 name: Secure coding category: technical + description: This control implements secure coding practices to minimize vulnerabilities + in developed software. translations: fr: name: "Codage s\xE9curis\xE9" - description: null + description: "Cette mesure de s\xE9curit\xE9 met en \u0153uvre des pratiques\ + \ de codage s\xE9curis\xE9 pour minimiser les vuln\xE9rabilit\xE9s des logiciels\ + \ d\xE9velopp\xE9s." - urn: urn:intuitem:risk:function:doc-pol:a.8.29 ref_id: A.8.29 name: Security testing in development and acceptance category: technical + description: This control ensures security testing is conducted during development + and acceptance phases to identify weaknesses. 
translations: fr: name: "Tests de s\xE9curit\xE9 dans le d\xE9veloppement et l'acceptation" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que des tests de s\xE9\ + curit\xE9 sont effectu\xE9s pendant les phases de d\xE9veloppement et d'acceptation\ + \ pour identifier les faiblesses." - urn: urn:intuitem:risk:function:doc-pol:a.8.30 ref_id: A.8.30 name: 'Outsourced development ' category: technical + description: This control ensures security risks are managed effectively when + development is outsourced to third-party vendors. translations: fr: name: "D\xE9veloppement externalis\xE9 " - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les risques de s\xE9\ + curit\xE9 sont g\xE9r\xE9s efficacement lorsque le d\xE9veloppement est\ + \ externalis\xE9 \xE0 des fournisseurs tiers." - urn: urn:intuitem:risk:function:doc-pol:a.8.31 ref_id: A.8.31 name: Separation of development, test and production environments category: technical + description: This control ensures development, test, and production environments + are segregated to prevent unintended interactions and unauthorized access. translations: fr: name: "S\xE9paration des environnements de d\xE9veloppement, de test et op\xE9\ rationnels" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les environnements\ + \ de d\xE9veloppement, de test et de production sont s\xE9par\xE9s pour\ + \ \xE9viter les interactions involontaires et les acc\xE8s non autoris\xE9\ + s." - urn: urn:intuitem:risk:function:doc-pol:a.8.32 ref_id: A.8.32 name: Change management category: technical + description: This control ensures changes to systems are managed securely to minimize + risks and maintain operational stability. 
translations: fr: name: Gestion des changements - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les modifications\ + \ des syst\xE8mes sont g\xE9r\xE9es de mani\xE8re s\xE9curis\xE9e pour minimiser\ + \ les risques et maintenir la stabilit\xE9 op\xE9rationnelle." - urn: urn:intuitem:risk:function:doc-pol:a.8.33 ref_id: A.8.33 name: Test information category: technical + description: This control protects test data to prevent the exposure of sensitive + or confidential information during testing processes. translations: fr: name: Informations de test - description: null + description: "Cette mesure de s\xE9curit\xE9 prot\xE8ge les donn\xE9es de\ + \ test pour \xE9viter l'exposition d'informations sensibles ou confidentielles\ + \ lors des processus de test." - urn: urn:intuitem:risk:function:doc-pol:a.8.34 ref_id: A.8.34 name: Protection of information systems during audit testing category: technical + description: This control ensures that systems and data are safeguarded during + audits by preventing unauthorized access, data leakage, or disruptions. Measures + include using non-production environments, access restrictions, and confidentiality + agreements to maintain system security and integrity. translations: fr: name: "Protection des syst\xE8mes d'information pendant les tests d'audit" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les syst\xE8mes\ + \ et les donn\xE9es sont prot\xE9g\xE9s pendant les audits en emp\xEAchant\ + \ les acc\xE8s non autoris\xE9s, les fuites de donn\xE9es ou les perturbations.\ + \ Les mesures incluent l'utilisation d'environnements non productifs, des\ + \ restrictions d'acc\xE8s et des accords de confidentialit\xE9 pour pr\xE9\ + server la s\xE9curit\xE9 et l'int\xE9grit\xE9 des syst\xE8mes." framework: urn: urn:intuitem:risk:framework:iso27001-2022 ref_id: ISO/IEC 27001:2022 
@@ -821,64 +1364,76 @@ objects: parent_urn: urn:intuitem:risk:req_node:iso27001-2022:4 ref_id: '4.1' name: Understanding the organization and its context - description: Understand the context and the organization. + description: "Identify internal and external factors that influence the organization\u2019\ + s ability to achieve information security objectives, ensuring the ISMS is\ + \ aligned with its context." implementation_groups: - Clauses reference_controls: - - urn:intuitem:risk:function:doc-pol:DOC.CONTEXT + - urn:intuitem:risk:function:doc-pol:doc.context translations: fr: name: "Compr\xE9hension de l'organisation et de son contexte" - description: Comprendre le contexte et l'organisation + description: "Identifier les facteurs internes et externes qui influencent\ + \ la capacit\xE9 de l\u2019organisation \xE0 atteindre ses objectifs de\ + \ s\xE9curit\xE9 de l\u2019information, en veillant \xE0 ce que le SMSI\ + \ soit align\xE9 sur son contexte." - urn: urn:intuitem:risk:req_node:iso27001-2022:4.2 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:4 ref_id: '4.2' name: Understanding the needs and expectations of interested parties - description: Determine interested parties and understand their requirements - in relation with the ISMS. + description: Analyze the needs and expectations of interested parties to incorporate + them into the ISMS and address relevant information security requirements. implementation_groups: - Clauses reference_controls: - - urn:intuitem:risk:function:doc-pol:DOC.CONTEXT + - urn:intuitem:risk:function:doc-pol:doc.context translations: fr: name: "Compr\xE9hension des besoins et attentes des parties int\xE9ress\xE9\ es" - description: "D\xE9terminer les parties int\xE9ress\xE9es et comprendre\ - \ leurs besoins en relation avec le SMSI." 
+ description: "Analyser les besoins et attentes des parties int\xE9ress\xE9\ + es pour les int\xE9grer dans le SMSI et r\xE9pondre aux exigences pertinentes\ + \ en mati\xE8re de s\xE9curit\xE9 de l\u2019information." - urn: urn:intuitem:risk:req_node:iso27001-2022:4.3 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:4 ref_id: '4.3' name: Determining the scope of the information security management system - description: Determine the scope of the ISMS. + description: Define the scope of the ISMS by considering internal and external + factors, stakeholder needs, and dependencies within the operational environment. implementation_groups: - Clauses reference_controls: - - urn:intuitem:risk:function:doc-pol:DOC.SCOPE + - urn:intuitem:risk:function:doc-pol:doc.scope translations: fr: name: "D\xE9termination du domaine d'application du syst\xE8me de management\ \ de la s\xE9curit\xE9 de l'information" - description: "D\xE9terminer le champ d'application du SMSI." + description: "D\xE9finir le p\xE9rim\xE8tre du SMSI en prenant en compte\ + \ les facteurs internes et externes, les besoins des parties prenantes\ + \ et les d\xE9pendances dans l\u2019environnement op\xE9rationnel." - urn: urn:intuitem:risk:req_node:iso27001-2022:4.4 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:4 ref_id: '4.4' name: Information security management system - description: Design and implement the ISMS. + description: Build, run, and continually improve an ISMS to effectively manage + information security risks and meet organizational goals. implementation_groups: - Clauses reference_controls: - - urn:intuitem:risk:function:doc-pol:DOC.OVERVIEW + - urn:intuitem:risk:function:doc-pol:doc.overview translations: fr: name: "Syst\xE8me de management de la s\xE9curit\xE9 de l'information" - description: "Concevoir et mettre en \u0153uvre le SMSI." 
+ description: "Concevoir, exploiter et am\xE9liorer en continu un SMSI pour\ + \ g\xE9rer efficacement les risques de s\xE9curit\xE9 de l\u2019information\ + \ et atteindre les objectifs organisationnels." - urn: urn:intuitem:risk:req_node:iso27001-2022:5 assessable: false depth: 2 
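Review bot: every `reference_controls` entry in 4.1 to 4.4 changes case (`doc-pol:DOC.CONTEXT` to `doc-pol:doc.context`, likewise `DOC.SCOPE` and `DOC.OVERVIEW`), but the objects these URNs point to are not in the visible lines. Confirm they are declared with the lowercase form in this file, and if URN matching is case-sensitive, say in the commit message how mappings already stored under the uppercase URNs get re-linked. The rename is also mixed into the same hunk as the description rewrite; a separate commit would make the rename reviewable by itself.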
@@ -897,53 +1452,65 @@ objects: parent_urn: urn:intuitem:risk:req_node:iso27001-2022:5 ref_id: '5.1' name: Leadership and commitment - description: Ensure top management provides adequate commitment and resources - for the ISMS. + description: Demonstrate leadership and commitment by supporting the ISMS, aligning + it with organizational objectives, allocating resources, promoting a security + culture, and driving continual improvement. implementation_groups: - Clauses reference_controls: - - urn:intuitem:risk:function:doc-pol:DOC.OVERVIEW - - urn:intuitem:risk:function:doc-pol:DOC.CONTROLS - - urn:intuitem:risk:function:doc-pol:DOC.COM - - urn:intuitem:risk:function:doc-pol:DOC.AUDIT_PLAN - - urn:intuitem:risk:function:doc-pol:DOC.COMPETENCY - - urn:intuitem:risk:function:doc-pol:POL.MAIN + - urn:intuitem:risk:function:doc-pol:doc.overview + - urn:intuitem:risk:function:doc-pol:doc.controls + - urn:intuitem:risk:function:doc-pol:doc.com + - urn:intuitem:risk:function:doc-pol:doc.audit_plan + - urn:intuitem:risk:function:doc-pol:doc.competency + - urn:intuitem:risk:function:doc-pol:pol.main translations: fr: name: Leadership et engagement - description: "Veiller \xE0 ce que la direction g\xE9n\xE9rale fournisse\ - \ un engagement et des ressources ad\xE9quats pour le SMSI." + description: "D\xE9montrer un leadership et un engagement en soutenant le\ + \ SMSI, en l'alignant sur les objectifs organisationnels, en allouant\ + \ des ressources, en promouvant une culture de s\xE9curit\xE9 et en favorisant\ + \ l'am\xE9lioration continue." - urn: urn:intuitem:risk:req_node:iso27001-2022:5.2 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:5 ref_id: '5.2' name: ' Policy' - description: Define an adequate security policy. 
+ description: Establish an information security policy aligned with the organization's + objectives and strategic direction, outlining commitments to compliance, continual + improvement, and the promotion of information security. implementation_groups: - Clauses reference_controls: - - urn:intuitem:risk:function:doc-pol:POL.MAIN + - urn:intuitem:risk:function:doc-pol:pol.main translations: fr: name: ' Politique' - description: "D\xE9finir une politique de s\xE9curit\xE9 adapt\xE9e." + description: "\xC9tablir une politique de s\xE9curit\xE9 de l\u2019information\ + \ align\xE9e sur les objectifs et la direction strat\xE9gique de l'organisation,\ + \ pr\xE9cisant les engagements en mati\xE8re de conformit\xE9, d'am\xE9\ + lioration continue et de promotion de la s\xE9curit\xE9 de l\u2019information." - urn: urn:intuitem:risk:req_node:iso27001-2022:5.3 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:5 ref_id: '5.3' name: Organizational roles, responsibilities and authorities - description: Ensure roles and responsibilities are properly defined. + description: Define, assign, and communicate roles, responsibilities, and authorities + to ensure the effective implementation and operation of the ISMS, with accountability + aligned to organizational objectives. implementation_groups: - Clauses reference_controls: - - urn:intuitem:risk:function:doc-pol:DOC.RACI + - urn:intuitem:risk:function:doc-pol:doc.raci translations: fr: name: "R\xF4les, responsabilit\xE9s et autorit\xE9s au sein de l'organisation" - description: "Veiller \xE0 ce que les r\xF4les et les responsabilit\xE9\ - s soient correctement d\xE9finis." + description: "D\xE9finir, attribuer et communiquer les r\xF4les, responsabilit\xE9\ + s et autorit\xE9s pour assurer la mise en \u0153uvre et le fonctionnement\ + \ efficaces du SMSI, avec une responsabilit\xE9 align\xE9e sur les objectifs\ + \ organisationnels." 
- urn: urn:intuitem:risk:req_node:iso27001-2022:6 assessable: false depth: 2 @@ -957,7 +1524,7 @@ objects: name: Planification description: null - urn: urn:intuitem:risk:req_node:iso27001-2022:6.1 - assessable: true + assessable: false depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:6 ref_id: '6.1' 
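Review bot: `assessable: true` becomes `assessable: false` on node 6.1 with no explanation, and this is a behaviour change rather than a wording change. It is consistent with the other parent nodes (6.1.1 to 6.1.3 stay assessable, and 7.5 is already `assessable: false`), but any assessment result already recorded against 6.1 itself no longer has an assessable node behind it. State the intent in the commit message and note what happens to existing answers on 6.1.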
@@ -974,88 +1541,111 @@ objects: parent_urn: urn:intuitem:risk:req_node:iso27001-2022:6.1 ref_id: 6.1.1 name: General - description: When planning for the ISMS, take into account risks and opportunities, - and actions to address them. + description: Establish a process to identify information security risks and + opportunities, considering internal and external factors, stakeholder needs, + and applicable requirements to ensure the ISMS achieves its objectives. implementation_groups: - Clauses reference_controls: - - urn:intuitem:risk:function:doc-pol:POL.RISK - - urn:intuitem:risk:function:doc-pol:DOC.RISK_REGISTER + - urn:intuitem:risk:function:doc-pol:pol.risk + - urn:intuitem:risk:function:doc-pol:doc.risk_register translations: fr: name: "G\xE9n\xE9ralit\xE9s" - description: "Lors de la planification du SMSI, il convient de tenir compte\ - \ des risques et opportunit\xE9s, ainsi que des mesures \xE0 prendre pour\ - \ y rem\xE9dier." + description: "\xC9tablir un processus pour identifier les risques et opportunit\xE9\ + s en mati\xE8re de s\xE9curit\xE9 de l\u2019information, en prenant en\ + \ compte les facteurs internes et externes, les besoins des parties prenantes\ + \ et les exigences applicables, afin d\u2019assurer que le SMSI atteigne\ + \ ses objectifs." - urn: urn:intuitem:risk:req_node:iso27001-2022:6.1.2 assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:6.1 ref_id: 6.1.2 name: Information security risk assessment requirement - description: Establish a proper risk assessment process. + description: Establish a process to assess information security risks at planned + intervals, using defined criteria to evaluate threats to confidentiality, + integrity, and availability, ensuring consistent and reliable results. 
implementation_groups: - Clauses reference_controls: - - urn:intuitem:risk:function:doc-pol:POL.RISK - - urn:intuitem:risk:function:doc-pol:DOC.RISK_REGISTER + - urn:intuitem:risk:function:doc-pol:pol.risk + - urn:intuitem:risk:function:doc-pol:doc.risk_register translations: fr: name: "Appr\xE9ciation des risques de s\xE9curit\xE9 de l'information" - description: "Mettre en place un processus adapt\xE9 d'\xE9valuation des\ - \ risques." + description: "\xC9tablir un processus pour \xE9valuer les risques li\xE9\ + s \xE0 la s\xE9curit\xE9 de l\u2019information \xE0 des intervalles planifi\xE9\ + s, en utilisant des crit\xE8res d\xE9finis pour \xE9valuer les menaces\ + \ sur la confidentialit\xE9, l\u2019int\xE9grit\xE9 et la disponibilit\xE9\ + , garantissant des r\xE9sultats coh\xE9rents et fiables." - urn: urn:intuitem:risk:req_node:iso27001-2022:6.1.3 assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:6.1 ref_id: 6.1.3 name: Information security risk treatment - description: Establish a proper risk treatment process, and produce a Statement - of Applicability. + description: Define a process to address identified information security risks + by selecting appropriate controls, ensuring alignment with risk acceptance + criteria, and documenting them in a risk treatment plan. implementation_groups: - Clauses reference_controls: - - urn:intuitem:risk:function:doc-pol:POL.RISK - - urn:intuitem:risk:function:doc-pol:DOC.RISK_REGISTER - - urn:intuitem:risk:function:doc-pol:DOC.SOA + - urn:intuitem:risk:function:doc-pol:pol.risk + - urn:intuitem:risk:function:doc-pol:doc.risk_register + - urn:intuitem:risk:function:doc-pol:doc.soa translations: fr: name: "Traitement des risques de s\xE9curit\xE9 de l'information" - description: "Mettre en place un processus appropri\xE9 de traitement des\ - \ risques et produire une d\xE9claration d'applicabilit\xE9." 
+ description: "D\xE9finir un processus pour traiter les risques identifi\xE9\ + s en mati\xE8re de s\xE9curit\xE9 de l\u2019information en s\xE9lectionnant\ + \ des contr\xF4les appropri\xE9s, en assurant leur alignement avec les\ + \ crit\xE8res d\u2019acceptation des risques et en les documentant dans\ + \ un plan de traitement des risques." - urn: urn:intuitem:risk:req_node:iso27001-2022:6.2 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:6 ref_id: '6.2' name: Information security objectives and planning to achieve them - description: Define and maintain relevant security objectives. + description: Set measurable information security objectives aligned with the + ISMS and strategic goals, and plan actions detailing responsibilities, resources, + timelines, and evaluation methods to achieve them. implementation_groups: - Clauses reference_controls: - - urn:intuitem:risk:function:doc-pol:POL.MAIN - - urn:intuitem:risk:function:doc-pol:DOC.SO_REGISTER - - urn:intuitem:risk:function:doc-pol:DOC.RISK_REGISTER - - urn:intuitem:risk:function:doc-pol:DOC.MGMT_REVIEW + - urn:intuitem:risk:function:doc-pol:pol.main + - urn:intuitem:risk:function:doc-pol:doc.so_register + - urn:intuitem:risk:function:doc-pol:doc.risk_register + - urn:intuitem:risk:function:doc-pol:doc.mgmt_review translations: fr: name: "Objectifs de s\xE9curit\xE9 de l'information et plans pour les atteindre" - description: "D\xE9finir et maintenir des objectifs de s\xE9curit\xE9 pertinents." + description: "D\xE9finir des objectifs mesurables en mati\xE8re de s\xE9\ + curit\xE9 de l\u2019information align\xE9s sur le SMSI et les objectifs\ + \ strat\xE9giques, et planifier des actions d\xE9taillant les responsabilit\xE9\ + s, les ressources, les \xE9ch\xE9ances et les m\xE9thodes d\u2019\xE9\ + valuation pour les atteindre." 
- urn: urn:intuitem:risk:req_node:iso27001-2022:6.3 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:6 ref_id: '6.3' name: Planning for changes - description: Plan the changes to the ISMS + description: Plan changes to the ISMS systematically to ensure alignment with + information security requirements, seamless integration into existing processes, + and effective risk management. implementation_groups: - Clauses reference_controls: - - urn:intuitem:risk:function:doc-pol:POL.MAINTENANCE + - urn:intuitem:risk:function:doc-pol:pol.maintenance translations: fr: name: Planification des modifications - description: Planifier les changements du SMSI avant de les appliquer. + description: "Planifier les changements au SMSI de mani\xE8re syst\xE9matique\ + \ pour garantir leur alignement avec les exigences de s\xE9curit\xE9 de\ + \ l\u2019information, leur int\xE9gration transparente dans les processus\ + \ existants et une gestion efficace des risques." - urn: urn:intuitem:risk:req_node:iso27001-2022:7 assessable: false depth: 2 
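Review bot: the new 6.1.3 description drops the Statement of Applicability that the removed text named ("produce a Statement of Applicability"), yet `doc.soa` is still listed under `reference_controls` for that node. The description now only mentions a risk treatment plan, so the link to the SoA document is unexplained in both the English and French text. Add the SoA back to both descriptions, for example "... documenting them in a risk treatment plan and a Statement of Applicability."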
@@ -1074,65 +1664,82 @@ objects: parent_urn: urn:intuitem:risk:req_node:iso27001-2022:7 ref_id: '7.1' name: Resources - description: Provide adequate resources for the ISMS. + description: Provide the necessary resources to build, run, and continually + improve the ISMS, ensuring its effective operation and alignment with organizational + goals. implementation_groups: - Clauses reference_controls: - - urn:intuitem:risk:function:doc-pol:DOC.RACI - - urn:intuitem:risk:function:doc-pol:DOC.COMPETENCY - - urn:intuitem:risk:function:doc-pol:DOC.CONTROLS + - urn:intuitem:risk:function:doc-pol:doc.raci + - urn:intuitem:risk:function:doc-pol:doc.competency + - urn:intuitem:risk:function:doc-pol:doc.controls translations: fr: name: Ressources - description: "Fournir des ressources ad\xE9quates pour le SMSI." + description: "Fournir les ressources n\xE9cessaires pour construire, exploiter\ + \ et am\xE9liorer en continu le SMSI, en garantissant son fonctionnement\ + \ efficace et son alignement avec les objectifs organisationnels." - urn: urn:intuitem:risk:req_node:iso27001-2022:7.2 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:7 ref_id: '7.2' name: Competence - description: Manage competence of workforce interacting with the ISMS. + description: Ensure personnel involved in the ISMS possess the necessary competence + through appropriate education, training, or experience to fulfill their responsibilities + effectively. implementation_groups: - Clauses reference_controls: - - urn:intuitem:risk:function:doc-pol:POL.EDUC - - urn:intuitem:risk:function:doc-pol:DOC.EDUC_REGISTER + - urn:intuitem:risk:function:doc-pol:pol.educ + - urn:intuitem:risk:function:doc-pol:doc.educ_register translations: fr: name: "Comp\xE9tences" - description: "G\xE9rer les comp\xE9tences du personnel qui interagit avec\ - \ le SMSI." 
+ description: "Garantir que le personnel impliqu\xE9 dans le SMSI dispose\ + \ des comp\xE9tences n\xE9cessaires gr\xE2ce \xE0 une formation, une \xE9\ + ducation ou une exp\xE9rience appropri\xE9es pour remplir efficacement\ + \ leurs responsabilit\xE9s." - urn: urn:intuitem:risk:req_node:iso27001-2022:7.3 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:7 ref_id: '7.3' name: Awareness - description: Manage awareness of all employees and contractors. + description: Promote awareness among relevant personnel about the ISMS, their + role in information security, and the importance of compliance with security + policies and requirements. implementation_groups: - Clauses reference_controls: - - urn:intuitem:risk:function:doc-pol:POL.EDUC - - urn:intuitem:risk:function:doc-pol:DOC.EDUC_REGISTER + - urn:intuitem:risk:function:doc-pol:pol.educ + - urn:intuitem:risk:function:doc-pol:doc.educ_register translations: fr: name: Sensibilisation - description: Sensibiliser l'ensemble du personnel. + description: "Promouvoir la sensibilisation du personnel concern\xE9 au\ + \ SMSI, \xE0 leur r\xF4le dans la s\xE9curit\xE9 de l\u2019information\ + \ et \xE0 l\u2019importance de se conformer aux politiques et exigences\ + \ de s\xE9curit\xE9." - urn: urn:intuitem:risk:req_node:iso27001-2022:7.4 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:7 ref_id: '7.4' name: Communication - description: Manage communication relevant to the ISMS. + description: Establish effective internal and external communication processes, + ensuring the timely and appropriate exchange of information relevant to the + ISMS and its objectives. implementation_groups: - Clauses reference_controls: - - urn:intuitem:risk:function:doc-pol:DOC.COM + - urn:intuitem:risk:function:doc-pol:doc.com translations: fr: name: Communication - description: "G\xE9rer la communication interne et externe." 
+ description: "\xC9tablir des processus de communication internes et externes\ + \ efficaces, assurant un \xE9change d\u2019informations opportun et appropri\xE9\ + \ en lien avec le SMSI et ses objectifs." - urn: urn:intuitem:risk:req_node:iso27001-2022:7.5 assessable: false depth: 3 
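Review bot: in 7.3 the scope narrows from "all employees and contractors" to "relevant personnel" (French: from "l'ensemble du personnel" to "personnel concerné"), which lets an assessor exclude contractors from awareness evidence. If that narrowing is not intended, keep the explicit population in the new wording. In the French text of 7.2 and 7.3, "le personnel" is singular, so "leurs responsabilités" and "leur rôle" should read "ses responsabilités" and "son rôle".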
@@ -1151,47 +1758,54 @@ objects: parent_urn: urn:intuitem:risk:req_node:iso27001-2022:7.5 ref_id: 7.5.1 name: General - description: Document adequate information relevant to the ISMS. + description: Document the ISMS as needed to ensure effective planning, operation, + control of processes, and alignment with organizational requirements. implementation_groups: - Clauses reference_controls: - - urn:intuitem:risk:function:doc-pol:DOC.DOC_REGISTER + - urn:intuitem:risk:function:doc-pol:doc.doc_register translations: fr: name: "G\xE9n\xE9ralit\xE9s" - description: "Documenter les informations ad\xE9quates relatives au SMSI." + description: "Documenter le SMSI selon les besoins pour garantir une planification\ + \ efficace, le fonctionnement, le contr\xF4le des processus et l\u2019\ + alignement avec les exigences organisationnelles." - urn: urn:intuitem:risk:req_node:iso27001-2022:7.5.2 assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:7.5 ref_id: 7.5.2 name: Creating and Updating documented information - description: Identify properly the documents, and manage reviews and approvals. + description: Ensure ISMS documentation is appropriately created, updated, and + controlled, including proper approval and version management. implementation_groups: - Clauses reference_controls: - - urn:intuitem:risk:function:doc-pol:DOC.DOC_REGISTER + - urn:intuitem:risk:function:doc-pol:doc.doc_register translations: fr: name: "Cr\xE9ation et mise \xE0 jour" - description: "Identifier les documents de fa\xE7on appropri\xE9e et g\xE9\ - rer les revues et validations." + description: "S\u2019assurer que la documentation du SMSI est correctement\ + \ cr\xE9\xE9e, mise \xE0 jour et contr\xF4l\xE9e, y compris avec une approbation\ + \ et une gestion des versions appropri\xE9es." 
- urn: urn:intuitem:risk:req_node:iso27001-2022:7.5.3 assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:7.5 ref_id: 7.5.3 name: Control of documented information - description: Ensure the ISMS documentation is available and adequately protected. + description: Make ISMS documentation accessible and usable for those who need + it, while protecting it from unauthorized access or loss. implementation_groups: - Clauses reference_controls: - - urn:intuitem:risk:function:doc-pol:DOC.DOC_REGISTER + - urn:intuitem:risk:function:doc-pol:doc.doc_register translations: fr: name: "Contr\xF4le des informations document\xE9es" - description: "Veiller \xE0 ce que la documentation du SMSI soit disponible\ - \ et prot\xE9g\xE9e de mani\xE8re ad\xE9quate." + description: "Rendre la documentation du SMSI accessible et utilisable pour\ + \ ceux qui en ont besoin, tout en la prot\xE9geant contre tout acc\xE8\ + s non autoris\xE9 ou perte." - urn: urn:intuitem:risk:req_node:iso27001-2022:8 assessable: false depth: 2 
@@ -1210,49 +1824,60 @@ objects: parent_urn: urn:intuitem:risk:req_node:iso27001-2022:8 ref_id: '8.1' name: Operational planning and control - description: Define and implement adequate processes, and control them. + description: Plan and control ISMS processes, ensuring consistency with requirements + and making necessary adjustments to address risks and opportunities. implementation_groups: - Clauses reference_controls: - - urn:intuitem:risk:function:doc-pol:DOC.RACI - - urn:intuitem:risk:function:doc-pol:DOC.PROC_REGISTER + - urn:intuitem:risk:function:doc-pol:doc.raci + - urn:intuitem:risk:function:doc-pol:doc.proc_register translations: fr: name: "Planification et contr\xF4le op\xE9rationnels" - description: "D\xE9finir et mettre en \u0153uvre des processus ad\xE9quats\ - \ et les contr\xF4ler." + description: "Planifier et contr\xF4ler les processus du SMSI, en garantissant\ + \ leur coh\xE9rence avec les exigences et en apportant les ajustements\ + \ n\xE9cessaires pour traiter les risques et opportunit\xE9s." - urn: urn:intuitem:risk:req_node:iso27001-2022:8.2 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:8 ref_id: '8.2' name: Information security risk assessment - description: Perform risk assessments periodically. + description: Implement the risk assessment process to identify, evaluate, and + prioritize information security risks as defined in the ISMS framework. implementation_groups: - Clauses reference_controls: - - urn:intuitem:risk:function:doc-pol:DOC.PROC_REGISTER - - urn:intuitem:risk:function:doc-pol:DOC.RISK_REGISTER + - urn:intuitem:risk:function:doc-pol:doc.proc_register + - urn:intuitem:risk:function:doc-pol:doc.risk_register translations: fr: name: "Appr\xE9ciation des risques de s\xE9curit\xE9 de l'information" - description: "Effectuer p\xE9riodiquement des \xE9valuations des risques." 
+ description: "Mettre en \u0153uvre le processus d\u2019\xE9valuation des\ + \ risques pour identifier, \xE9valuer et prioriser les risques li\xE9\ + s \xE0 la s\xE9curit\xE9 de l\u2019information, tel que d\xE9fini dans\ + \ le cadre du SMSI." - urn: urn:intuitem:risk:req_node:iso27001-2022:8.3 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:8 ref_id: '8.3' name: Information security risk treatment - description: Implement risk treatment plan. + description: "Apply the risk treatment process by selecting and implementing\ + \ appropriate controls to address identified risks, ensuring alignment with\ + \ the organization\u2019s risk acceptance criteria." implementation_groups: - Clauses reference_controls: - - urn:intuitem:risk:function:doc-pol:DOC.PROC_REGISTER - - urn:intuitem:risk:function:doc-pol:DOC.RISK_REGISTER + - urn:intuitem:risk:function:doc-pol:doc.proc_register + - urn:intuitem:risk:function:doc-pol:doc.risk_register translations: fr: name: "Traitement des risques de s\xE9curit\xE9 de l'information" - description: "Mettre en \u0153uvre le plan de traitement des risques." + description: "Appliquer le processus de traitement des risques en s\xE9\ + lectionnant et en mettant en \u0153uvre des contr\xF4les appropri\xE9\ + s pour traiter les risques identifi\xE9s, en assurant leur alignement\ + \ avec les crit\xE8res d\u2019acceptation des risques de l\u2019organisation." - urn: urn:intuitem:risk:req_node:iso27001-2022:9 assessable: false depth: 2 
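Review bot: the 8.2 description loses the timing that the removed line carried ("Perform risk assessments periodically"). The new text only says to implement the process "as defined in the ISMS framework", which makes it hard to tell apart from 6.1.2, where the process is established "at planned intervals". Say in 8.2 that the assessments are actually performed at those planned intervals, in both languages.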
@@ -1271,18 +1896,20 @@ objects: parent_urn: urn:intuitem:risk:req_node:iso27001-2022:9 ref_id: '9.1' name: Monitoring, measurement, analysis, evaluation - description: Implement relevant monitoring, and evaluate performance and effectiveness - of the ISMS. + description: "Monitor, measure, analyze, and evaluate the ISMS\u2019s performance\ + \ and effectiveness using appropriate methods aligned with the organization\u2019\ + s objectives.\n" implementation_groups: - Clauses reference_controls: - - urn:intuitem:risk:function:doc-pol:POL.MONITOR - - urn:intuitem:risk:function:doc-pol:DOC.AUDIT_PLAN + - urn:intuitem:risk:function:doc-pol:pol.monitor + - urn:intuitem:risk:function:doc-pol:doc.audit_plan translations: fr: name: "Surveillance, mesurages, analyse et \xE9valuation" - description: "Mettre en \u0153uvre un suivi pertinent et \xE9valuer les\ - \ performances et l'efficacit\xE9 du SMSI." + description: "Surveiller, mesurer, analyser et \xE9valuer la performance\ + \ et l\u2019efficacit\xE9 du SMSI en utilisant des m\xE9thodes appropri\xE9\ + es align\xE9es sur les objectifs de l\u2019organisation." - urn: urn:intuitem:risk:req_node:iso27001-2022:9.2 assessable: false depth: 3 
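Review bot: the English 9.1 description ends with a literal newline (`s objectives.\n"`), which the French description and every other description in this patch do not have. It will show up as a trailing blank line or stray whitespace wherever the text is rendered or exported. Drop the `\n`.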
@@ -1301,31 +1928,38 @@ objects: parent_urn: urn:intuitem:risk:req_node:iso27001-2022:9.2 ref_id: 9.2.1 name: General - description: Perform regular internal audits of the ISMS. + description: Conduct internal audits at planned intervals to ensure the ISMS + complies with ISO/IEC 27001 requirements and is effectively implemented and + maintained. implementation_groups: - Clauses reference_controls: - - urn:intuitem:risk:function:doc-pol:POL.AUDIT + - urn:intuitem:risk:function:doc-pol:pol.audit translations: fr: name: "G\xE9n\xE9ralit\xE9s" - description: "Effectuer des audits internes r\xE9guliers du SMSI." + description: "Effectuer des audits internes \xE0 des intervalles planifi\xE9\ + s pour garantir que le SMSI est conforme aux exigences de l\u2019ISO/CEI\ + \ 27001 et qu\u2019il est efficacement mis en \u0153uvre et maintenu." - urn: urn:intuitem:risk:req_node:iso27001-2022:9.2.2 assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:9.2 ref_id: 9.2.2 name: Internal audit programme - description: Manage the internal audit programme appropriately. + description: Plan and perform internal audits, including defining criteria, + scope, methods, and responsibilities, and report the results to relevant management. implementation_groups: - Clauses reference_controls: - - urn:intuitem:risk:function:doc-pol:DOC.AUDIT_PLAN + - urn:intuitem:risk:function:doc-pol:doc.audit_plan translations: fr: name: Programme d'audit interne - description: "G\xE9rer le programme d'audit interne de mani\xE8re appropri\xE9\ - e." + description: "Planifier et r\xE9aliser des audits internes, y compris la\ + \ d\xE9finition des crit\xE8res, du p\xE9rim\xE8tre, des m\xE9thodes et\ + \ des responsabilit\xE9s, et rapporter les r\xE9sultats \xE0 la direction\ + \ concern\xE9e." - urn: urn:intuitem:risk:req_node:iso27001-2022:9.3 assessable: false depth: 3 
@@ -1344,46 +1978,55 @@ objects: parent_urn: urn:intuitem:risk:req_node:iso27001-2022:9.3 ref_id: 9.3.1 name: General - description: Organize management reviews of the ISMS periodically. + description: Review the ISMS periodically to ensure its suitability, adequacy, + and effectiveness in achieving organizational objectives. implementation_groups: - Clauses reference_controls: - - urn:intuitem:risk:function:doc-pol:POL.MAIN + - urn:intuitem:risk:function:doc-pol:pol.main translations: fr: name: "G\xE9n\xE9ralit\xE9s" - description: "Organiser p\xE9riodiquement des revues de direction du SMSI." + description: "Examiner le SMSI p\xE9riodiquement pour s\u2019assurer de\ + \ son ad\xE9quation, de son efficacit\xE9 et de sa capacit\xE9 \xE0 atteindre\ + \ les objectifs organisationnels." - urn: urn:intuitem:risk:req_node:iso27001-2022:9.3.2 assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:9.3 ref_id: 9.3.2 name: Management review inputs - description: Include appropriate data for effective management reviews. + description: Include inputs such as audit results, ISMS performance, risk status, + improvement opportunities, and required changes in the management review. implementation_groups: - Clauses reference_controls: - - urn:intuitem:risk:function:doc-pol:DOC.MGMT_REVIEW + - urn:intuitem:risk:function:doc-pol:doc.mgmt_review translations: fr: name: "El\xE9ments d'entr\xE9e de la revue de direction" - description: "Inclure des donn\xE9es appropri\xE9es pour une r\xE9vision\ - \ efficace de la revue de direction." + description: "Inclure des \xE9l\xE9ments tels que les r\xE9sultats d\u2019\ + audits, la performance du SMSI, l\u2019\xE9tat des risques, les opportunit\xE9\ + s d\u2019am\xE9lioration et les changements n\xE9cessaires dans la revue\ + \ de direction." 
- urn: urn:intuitem:risk:req_node:iso27001-2022:9.3.3 assessable: true depth: 4 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:9.3 ref_id: 9.3.3 name: Management review results - description: Document the results of the management reviews. + description: Document the results of the management reviews, including decisions + on improvements, ISMS changes, and resource requirements. implementation_groups: - Clauses reference_controls: - - urn:intuitem:risk:function:doc-pol:DOC.MGMT_REVIEW + - urn:intuitem:risk:function:doc-pol:doc.mgmt_review translations: fr: name: "R\xE9sultats des revues de direction" - description: "Documenter les r\xE9sultats des revues de direction." + description: "Documenter les r\xE9sultats des revues de direction, y compris\ + \ les d\xE9cisions sur les am\xE9liorations, les modifications du SMSI\ + \ et les besoins en ressources." - urn: urn:intuitem:risk:req_node:iso27001-2022:10 assessable: false depth: 2 
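Review bot: in 9.3.1 the French description does not match the English one. English lists three properties, "suitability, adequacy, and effectiveness", then the purpose; French gives "son adéquation, son efficacité et sa capacité à atteindre les objectifs", so one property is missing and the purpose has been turned into a third item. Align the French with the English, for example "sa pertinence, son adéquation et son efficacité pour atteindre les objectifs organisationnels".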
@@ -1402,36 +2045,42 @@ objects: parent_urn: urn:intuitem:risk:req_node:iso27001-2022:10 ref_id: '10.1' name: "Continual improvement\_" - description: Improve the ISMS continuously. + description: Identify and act on opportunities for continual improvement to + enhance the ISMS's effectiveness and alignment with organizational goals. implementation_groups: - Clauses reference_controls: - - urn:intuitem:risk:function:doc-pol:POL.MAIN + - urn:intuitem:risk:function:doc-pol:pol.main translations: fr: name: "Am\xE9lioration continue\_" - description: "Am\xE9liorer en permanence le SMSI." + description: "Identifier et agir sur les opportunit\xE9s d\u2019am\xE9lioration\ + \ continue pour renforcer l\u2019efficacit\xE9 du SMSI et son alignement\ + \ avec les objectifs organisationnels." - urn: urn:intuitem:risk:req_node:iso27001-2022:10.2 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:10 ref_id: '10.2' name: Nonconformity and corrective action - description: Manage nonconformities appropriately. + description: Address nonconformities by taking corrective actions, identifying + root causes, and implementing measures to prevent recurrence while documenting + the process. 
implementation_groups: - Clauses reference_controls: - - urn:intuitem:risk:function:doc-pol:POL.MAIN - - urn:intuitem:risk:function:doc-pol:POL.INCIDENT - - urn:intuitem:risk:function:doc-pol:DOC.NC_LOG - - urn:intuitem:risk:function:doc-pol:DOC.PROC_REGISTER - - urn:intuitem:risk:function:doc-pol:DOC.RACI - - urn:intuitem:risk:function:doc-pol:DOC.MGMT_REVIEW + - urn:intuitem:risk:function:doc-pol:pol.main + - urn:intuitem:risk:function:doc-pol:pol.incident + - urn:intuitem:risk:function:doc-pol:doc.nc_log + - urn:intuitem:risk:function:doc-pol:doc.proc_register + - urn:intuitem:risk:function:doc-pol:doc.raci + - urn:intuitem:risk:function:doc-pol:doc.mgmt_review translations: fr: name: "Non-conformit\xE9 et action corrective" - description: "G\xE9rer les non-conformit\xE9s de mani\xE8re appropri\xE9\ - e." + description: "Traiter les non-conformit\xE9s en prenant des actions correctives,\ + \ en identifiant les causes profondes et en mettant en \u0153uvre des\ + \ mesures pour \xE9viter leur r\xE9currence, tout en documentant le processus." - urn: urn:intuitem:risk:req_node:iso27001-2022:annex-a assessable: false depth: 1 
@@ -1461,454 +2110,693 @@ objects: parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5 ref_id: A.5.1 name: Policies for information security + description: This control establishes and maintains information security policies + aligned with organizational objectives. Measures include defining scope, setting + goals, and ensuring alignment with compliance requirements. implementation_groups: - SoA translations: fr: name: "Politiques de s\xE9curit\xE9 de l'information" - description: null + description: "Cette mesure de s\xE9curit\xE9 \xE9tablit et maintient des\ + \ politiques de s\xE9curit\xE9 de l'information align\xE9es sur les objectifs\ + \ organisationnels. Les mesures incluent la d\xE9finition de la port\xE9\ + e, la fixation des objectifs et l'alignement avec les exigences de conformit\xE9\ + ." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.2 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5 ref_id: A.5.2 name: Information security roles and responsibilities + description: This control defines and assigns roles and responsibilities for + information security to ensure accountability. Measures include clear documentation + of responsibilities, periodic reviews, and enforcement mechanisms. implementation_groups: - SoA translations: fr: name: "Fonctions et responsabilit\xE9s li\xE9es \xE0 la s\xE9curit\xE9 de\ \ l'information" - description: null + description: "Cette mesure de s\xE9curit\xE9 d\xE9finit et attribue des\ + \ r\xF4les et responsabilit\xE9s en mati\xE8re de s\xE9curit\xE9 de l'information\ + \ pour garantir la responsabilit\xE9. Les mesures incluent une documentation\ + \ claire des responsabilit\xE9s, des revues p\xE9riodiques et des m\xE9\ + canismes d'application." 
- urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.3 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5 ref_id: A.5.3 name: Segregation of duties + description: This control ensures segregation of duties to reduce the risk of + errors, fraud, and unauthorized access. Measures include role separation, + access restrictions, and regular audits. implementation_groups: - SoA translations: fr: name: "S\xE9paration des t\xE2ches" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit la s\xE9paration des\ + \ t\xE2ches pour r\xE9duire le risque d'erreurs, de fraude et d'acc\xE8\ + s non autoris\xE9. Les mesures incluent la s\xE9paration des r\xF4les,\ + \ des restrictions d'acc\xE8s et des audits r\xE9guliers." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.4 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5 ref_id: A.5.4 name: Management responsibilities + description: This control ensures management responsibilities for information + security are clearly defined and implemented. Measures include setting objectives, + allocating resources, and overseeing compliance. implementation_groups: - SoA translations: fr: name: "Responsabilit\xE9s de la direction" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les responsabilit\xE9\ + s de gestion en mati\xE8re de s\xE9curit\xE9 de l'information sont clairement\ + \ d\xE9finies et mises en \u0153uvre. Les mesures incluent la fixation\ + \ d'objectifs, l'allocation de ressources et la supervision de la conformit\xE9\ + ." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.5 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5 ref_id: A.5.5 name: Contact with authorities + description: This control ensures timely communication with relevant authorities + during information security incidents. 
Measures include establishing contact + protocols, maintaining updated contact lists, and assigning responsibilities. implementation_groups: - SoA translations: fr: name: "Contact avec les autorit\xE9s" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit une communication\ + \ rapide avec les autorit\xE9s comp\xE9tentes en cas d'incidents de s\xE9\ + curit\xE9 de l'information. Les mesures incluent des protocoles de contact,\ + \ des listes de contacts \xE0 jour et l'attribution de responsabilit\xE9\ + s." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.6 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5 ref_id: A.5.6 name: Contact with special interest groups + description: This control facilitates contact with special interest groups to + stay informed about security trends and practices. Measures include participation + in forums, memberships, and collaborative initiatives. implementation_groups: - SoA translations: fr: name: "Contact avec des groupes d'int\xE9r\xEAt sp\xE9cifiques" - description: null + description: "Cette mesure de s\xE9curit\xE9 facilite le contact avec des\ + \ groupes d'int\xE9r\xEAt pour rester inform\xE9 des tendances et pratiques\ + \ en mati\xE8re de s\xE9curit\xE9. Les mesures incluent la participation\ + \ \xE0 des forums, des adh\xE9sions et des initiatives collaboratives." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.7 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5 ref_id: A.5.7 name: Threat intelligence + description: This control ensures threat intelligence is developed and maintained + to identify and mitigate security risks. Measures include monitoring threat + feeds, analyzing trends, and sharing actionable insights. 
implementation_groups: - SoA translations: fr: name: Renseignements sur les menaces - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que des renseignements\ + \ sur les menaces sont d\xE9velopp\xE9s et maintenus pour identifier et\ + \ att\xE9nuer les risques de s\xE9curit\xE9. Les mesures incluent le suivi\ + \ des flux de menaces, l'analyse des tendances et le partage d'informations\ + \ exploitables." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.8 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5 ref_id: A.5.8 name: Information security in project management + description: This control incorporates information security into project management + practices. Measures include risk assessments, compliance reviews, and security + checkpoints during project lifecycles. implementation_groups: - SoA translations: fr: name: "S\xE9curit\xE9 de l'information dans la gestion de projet" - description: null + description: "Cette mesure de s\xE9curit\xE9 int\xE8gre la s\xE9curit\xE9\ + \ de l'information dans les pratiques de gestion de projet. Les mesures\ + \ incluent les \xE9valuations des risques, les revues de conformit\xE9\ + \ et les points de contr\xF4le de s\xE9curit\xE9 tout au long du cycle\ + \ de vie du projet." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.9 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5 ref_id: A.5.9 name: Inventory of information and other associated assets + description: This control ensures an accurate inventory of information and associated + assets is maintained. Measures include asset tracking, periodic audits, and + classification by sensitivity. implementation_groups: - SoA translations: fr: name: "Inventaire des informations et autres actifs associ\xE9s" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit qu\u2019un inventaire\ + \ pr\xE9cis des informations et des actifs associ\xE9s est maintenu. 
Les\ + \ mesures incluent le suivi des actifs, des audits p\xE9riodiques et une\ + \ classification par sensibilit\xE9." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.10 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5 ref_id: A.5.10 name: Acceptable use of information and other associated assets + description: This control defines acceptable use of information and associated + assets to ensure proper handling. Measures include documented policies, user + training, and enforcement mechanisms. implementation_groups: - SoA translations: fr: name: "Utilisation correcte des informations et autres actifs associ\xE9\ s" - description: null + description: "Cette mesure de s\xE9curit\xE9 d\xE9finit les r\xE8gles d'utilisation\ + \ acceptable des informations et des actifs associ\xE9s pour assurer une\ + \ manipulation appropri\xE9e. Les mesures incluent des politiques document\xE9\ + es, la formation des utilisateurs et des m\xE9canismes d'application." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.11 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5 ref_id: A.5.11 name: Return of assets + description: This control ensures the secure return of assets when employees + or contractors leave or change roles. Measures include checklists, asset tracking, + and decommissioning protocols. implementation_groups: - SoA translations: fr: name: Restitution des actifs - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit le retour s\xE9curis\xE9\ + \ des actifs lorsque des employ\xE9s ou des sous-traitants quittent ou\ + \ changent de r\xF4le. Les mesures incluent des listes de contr\xF4le,\ + \ le suivi des actifs et des protocoles de d\xE9sactivation." 
- urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.12 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5 ref_id: A.5.12 name: Classification of information + description: This control ensures information is classified based on its sensitivity + and value to ensure appropriate protection. Measures include classification + schemes, access restrictions, and labeling guidelines. implementation_groups: - SoA translations: fr: name: Classification des informations - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les informations\ + \ sont class\xE9es en fonction de leur sensibilit\xE9 et de leur valeur\ + \ pour assurer une protection ad\xE9quate. Les mesures incluent des sch\xE9\ + mas de classification, des restrictions d'acc\xE8s et des directives d'\xE9\ + tiquetage." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.13 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5 ref_id: A.5.13 name: Labelling of information + description: This control ensures consistent labeling of information to reflect + its classification and handling requirements. Measures include standardized + templates, training, and audits. implementation_groups: - SoA translations: fr: name: Marquage des informations - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit un \xE9tiquetage coh\xE9\ + rent des informations pour refl\xE9ter leur classification et leurs exigences\ + \ de traitement. Les mesures incluent des mod\xE8les standardis\xE9s,\ + \ des formations et des audits." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.14 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5 ref_id: A.5.14 name: Information transfer + description: This control establishes secure processes for transferring information + between systems or organizations. Measures include encryption, access controls, + and secure transfer protocols. 
implementation_groups: - SoA translations: fr: name: Transfert des informations - description: null + description: "Cette mesure de s\xE9curit\xE9 \xE9tablit des processus s\xE9\ + curis\xE9s pour le transfert d'informations entre syst\xE8mes ou organisations.\ + \ Les mesures incluent le chiffrement, les contr\xF4les d'acc\xE8s et\ + \ les protocoles de transfert s\xE9curis\xE9s." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.15 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5 ref_id: A.5.15 name: Access control + description: This control implements and maintains access control mechanisms + to restrict access to authorized individuals. Measures include role-based + access, multi-factor authentication, and periodic reviews. implementation_groups: - SoA translations: fr: name: "Contr\xF4le d'acc\xE8s" - description: null + description: "Cette mesure de s\xE9curit\xE9 met en \u0153uvre et maintient\ + \ des m\xE9canismes de contr\xF4le d'acc\xE8s pour limiter l'acc\xE8s\ + \ aux individus autoris\xE9s. Les mesures incluent des contr\xF4les bas\xE9\ + s sur les r\xF4les, l'authentification multifacteur et des revues p\xE9\ + riodiques." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.16 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5 ref_id: A.5.16 name: Identity management + description: This control ensures identities are managed securely to guarantee + accurate and reliable access to systems. Measures include identity verification, + lifecycle management, and access provisioning. implementation_groups: - SoA translations: fr: name: "Gestion des identit\xE9s" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les identit\xE9\ + s sont g\xE9r\xE9es de mani\xE8re s\xE9curis\xE9e pour garantir un acc\xE8\ + s pr\xE9cis et fiable aux syst\xE8mes. 
Les mesures incluent la v\xE9rification\ + \ d'identit\xE9, la gestion du cycle de vie et l'approvisionnement des\ + \ acc\xE8s." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.17 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5 ref_id: A.5.17 name: Authentication information + description: This control protects authentication information, such as passwords, + to prevent unauthorized access. Measures include encryption, secure storage, + and periodic password updates. implementation_groups: - SoA translations: fr: name: Informations d'authentification - description: null + description: "Cette mesure de s\xE9curit\xE9 prot\xE8ge les informations\ + \ d'authentification, telles que les mots de passe, pour emp\xEAcher tout\ + \ acc\xE8s non autoris\xE9. Les mesures incluent le chiffrement, le stockage\ + \ s\xE9curis\xE9 et les mises \xE0 jour p\xE9riodiques des mots de passe." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.18 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5 ref_id: A.5.18 name: Access rights + description: This control ensures access rights are regularly reviewed and managed + to align with roles and responsibilities. Measures include periodic audits, + access revocation, and automated access management. implementation_groups: - SoA translations: fr: name: "Droits d'acc\xE8s" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les droits d'acc\xE8\ + s sont r\xE9guli\xE8rement revus et g\xE9r\xE9s pour s'aligner sur les\ + \ r\xF4les et responsabilit\xE9s. Les mesures incluent des audits p\xE9\ + riodiques, la r\xE9vocation des acc\xE8s et la gestion automatis\xE9e\ + \ des acc\xE8s." 
- urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.19 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5 ref_id: A.5.19 name: Information security in supplier relationships + description: This control ensures information security is embedded in supplier + relationships and processes. Measures include due diligence, security reviews, + and ongoing monitoring. implementation_groups: - SoA translations: fr: name: "S\xE9curit\xE9 de l'information dans les relations avec les fournisseurs" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que la s\xE9curit\xE9\ + \ de l'information est int\xE9gr\xE9e dans les relations et processus\ + \ avec les fournisseurs. Les mesures incluent la diligence raisonnable,\ + \ les revues de s\xE9curit\xE9 et la surveillance continue." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.20 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5 ref_id: A.5.20 name: Addressing information security within supplier agreements + description: This control addresses information security requirements within + supplier agreements. Measures include explicit contract clauses, compliance + audits, and defined penalties for violations. implementation_groups: - SoA translations: fr: name: "La s\xE9curit\xE9 de l'information dans les accords conclus avec\ \ les fournisseurs" - description: null + description: "Cette mesure de s\xE9curit\xE9 aborde les exigences de s\xE9\ + curit\xE9 de l'information dans les accords avec les fournisseurs. Les\ + \ mesures incluent des clauses contractuelles explicites, des audits de\ + \ conformit\xE9 et des p\xE9nalit\xE9s d\xE9finies pour les violations." 
- urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.21 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5 ref_id: A.5.21 name: Managing information security in the ICT supply chain + description: This control manages information security risks in the ICT supply + chain to ensure security of services and components. Measures include risk + assessments, supplier evaluations, and incident response protocols. implementation_groups: - SoA translations: fr: name: "Gestion de la s\xE9curit\xE9 de l'information dans la cha\xEEne d'approvisionnement\ \ des technologies de l'information et de la communication (TIC)" - description: null + description: "Cette mesure de s\xE9curit\xE9 g\xE8re les risques de s\xE9\ + curit\xE9 de l'information dans la cha\xEEne d'approvisionnement TIC pour\ + \ garantir la s\xE9curit\xE9 des services et des composants. Les mesures\ + \ incluent des \xE9valuations des risques, des \xE9valuations des fournisseurs\ + \ et des protocoles de r\xE9ponse aux incidents." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.22 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5 ref_id: A.5.22 name: Monitor, review and change management of supplier services + description: This control ensures supplier services are monitored, reviewed, + and adjusted to maintain information security. Measures include service level + agreements, periodic reviews, and contract updates. implementation_groups: - SoA translations: fr: name: "Surveillance, r\xE9vision et gestion des changements des services\ \ fournisseurs" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les services des\ + \ fournisseurs sont surveill\xE9s, revus et ajust\xE9s pour maintenir\ + \ la s\xE9curit\xE9 de l'information. Les mesures incluent des accords\ + \ de niveau de service, des revues p\xE9riodiques et des mises \xE0 jour\ + \ contractuelles." 
- urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.23 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5 ref_id: A.5.23 name: Information security for use of cloud services + description: This control ensures the secure use of cloud services by addressing + associated risks. Measures include data encryption, access controls, and provider + compliance reviews. implementation_groups: - SoA translations: fr: name: "S\xE9curit\xE9 de l'information dans l'utilisation de services en\ \ nuage" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit l'utilisation s\xE9\ + curis\xE9e des services cloud en abordant les risques associ\xE9s. Les\ + \ mesures incluent le chiffrement des donn\xE9es, les contr\xF4les d'acc\xE8\ + s et les revues de conformit\xE9 des fournisseurs." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.24 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5 ref_id: A.5.24 name: Information security incident management planning and preparation + description: This control ensures proper planning and preparation for managing + information security incidents. Measures include incident response plans, + training exercises, and communication protocols. implementation_groups: - SoA translations: fr: name: "Planification et pr\xE9paration de la gestion des incidents de s\xE9\ curit\xE9 de l'information" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit une planification\ + \ et une pr\xE9paration ad\xE9quates pour la gestion des incidents de\ + \ s\xE9curit\xE9 de l'information. Les mesures incluent des plans de r\xE9\ + ponse aux incidents, des exercices de formation et des protocoles de communication." 
- urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.25 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5 ref_id: A.5.25 name: Assessment and decision on information security events + description: This control establishes processes for assessing and deciding on + actions related to information security events. Measures include root cause + analysis, risk evaluation, and mitigation plans. implementation_groups: - SoA translations: fr: name: "\xC9valuation des \xE9v\xE9nements de s\xE9curit\xE9 de l'information\ \ et prise de d\xE9cision" - description: null + description: "Cette mesure de s\xE9curit\xE9 \xE9tablit des processus pour\ + \ \xE9valuer et d\xE9cider des actions li\xE9es aux \xE9v\xE9nements de\ + \ s\xE9curit\xE9 de l'information. Les mesures incluent l'analyse des\ + \ causes profondes, l'\xE9valuation des risques et des plans d'att\xE9\ + nuation." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.26 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5 ref_id: A.5.26 name: Response to information security incidents + description: This control ensures effective response to information security + incidents to minimize impact and recover quickly. Measures include incident + reporting, escalation protocols, and containment strategies. implementation_groups: - SoA translations: fr: name: "R\xE9ponse aux incidents de s\xE9curit\xE9 de l'information" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit une r\xE9ponse efficace\ + \ aux incidents de s\xE9curit\xE9 de l'information pour minimiser l'impact\ + \ et r\xE9cup\xE9rer rapidement. Les mesures incluent le signalement des\ + \ incidents, des protocoles d'escalade et des strat\xE9gies de confinement." 
- urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.27 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5 ref_id: A.5.27 name: Learning from information security incidents + description: This control ensures lessons learned from information security + incidents are documented and implemented to improve processes. Measures include + post-incident reviews, action plans, and policy updates. implementation_groups: - SoA translations: fr: name: "Tirer des enseignements des incidents de s\xE9curit\xE9 de l'information" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les le\xE7ons\ + \ tir\xE9es des incidents de s\xE9curit\xE9 de l'information sont document\xE9\ + es et mises en \u0153uvre pour am\xE9liorer les processus. Les mesures\ + \ incluent des revues post-incidents, des plans d'action et des mises\ + \ \xE0 jour des politiques." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.28 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5 ref_id: A.5.28 name: Collection of evidence + description: This control ensures evidence is collected and preserved during + security incidents to support investigations. Measures include chain-of-custody + procedures, secure storage, and access controls. implementation_groups: - SoA translations: fr: name: Collecte de preuves - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les preuves sont\ + \ collect\xE9es et conserv\xE9es lors des incidents de s\xE9curit\xE9\ + \ pour soutenir les enqu\xEAtes. Les mesures incluent des proc\xE9dures\ + \ de cha\xEEne de conservation, le stockage s\xE9curis\xE9 et les contr\xF4\ + les d'acc\xE8s." 
- urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.29 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5 ref_id: A.5.29 name: Information security during disruption + description: This control ensures information security is maintained during + disruptions to guarantee continuity of operations. Measures include contingency + plans, backup systems, and failover mechanisms. implementation_groups: - SoA translations: fr: name: "S\xE9curit\xE9 de l'information pendant une perturbation" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que la s\xE9curit\xE9\ + \ de l'information est maintenue pendant les perturbations pour assurer\ + \ la continuit\xE9 des op\xE9rations. Les mesures incluent des plans de\ + \ contingence, des syst\xE8mes de sauvegarde et des m\xE9canismes de basculement." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.30 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5 ref_id: A.5.30 name: ICT readiness for business continuity + description: This control ensures ICT readiness for business continuity to minimize + downtime during disruptions. Measures include testing recovery plans, redundant + systems, and disaster recovery sites. implementation_groups: - SoA translations: fr: name: "Pr\xE9paration des TIC la continuit\xE9 d'activit\xE9" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit la pr\xE9paration\ + \ TIC pour la continuit\xE9 des activit\xE9s afin de minimiser les temps\ + \ d'arr\xEAt pendant les perturbations. Les mesures incluent des tests\ + \ de plans de reprise, des syst\xE8mes redondants et des sites de reprise\ + \ apr\xE8s sinistre." 
- urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.31 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5 ref_id: A.5.31 name: Legal, statutory, regulatory and contractual requirements + description: This control ensures compliance with legal, statutory, regulatory, + and contractual information security requirements. Measures include policy + reviews, audits, and evidence documentation. implementation_groups: - SoA translations: fr: name: "Exigences l\xE9gales, statutaires, r\xE9glementaires et contractuelles" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit la conformit\xE9 aux\ + \ exigences l\xE9gales, r\xE9glementaires et contractuelles en mati\xE8\ + re de s\xE9curit\xE9 de l'information. Les mesures incluent des revues\ + \ de politiques, des audits et la documentation des preuves." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.32 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5 ref_id: A.5.32 name: ' Intellectual property rights' + description: This control ensures intellectual property rights are protected + through appropriate information security measures. Measures include access + restrictions, encryption, and legal agreements. implementation_groups: - SoA translations: fr: name: " Droits de propri\xE9t\xE9 intellectuelle" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit la protection des\ + \ droits de propri\xE9t\xE9 intellectuelle par des mesures de s\xE9curit\xE9\ + \ de l'information appropri\xE9es. Les mesures incluent des restrictions\ + \ d'acc\xE8s, le chiffrement et des accords l\xE9gaux." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.33 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5 ref_id: A.5.33 name: Protection of records + description: This control ensures records are securely stored and protected + to prevent loss or unauthorized access. 
Measures include retention policies, + secure storage, and access controls. implementation_groups: - SoA translations: fr: name: Protection des enregistrements - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les enregistrements\ + \ sont stock\xE9s et prot\xE9g\xE9s de mani\xE8re s\xE9curis\xE9e pour\ + \ pr\xE9venir toute perte ou acc\xE8s non autoris\xE9. Les mesures incluent\ + \ des politiques de r\xE9tention, un stockage s\xE9curis\xE9 et des contr\xF4\ + les d'acc\xE8s." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.34 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5 ref_id: A.5.34 name: Privacy and protection of PII + description: This control protects privacy and ensures the secure handling of + personally identifiable information (PII). Measures include anonymization, + encryption, and compliance with privacy laws. implementation_groups: - SoA translations: fr: name: "Protection de la vie priv\xE9e et des donn\xE9es \xE0 caract\xE8\ re personnel (DCP)" - description: null + description: "Cette mesure de s\xE9curit\xE9 prot\xE8ge la confidentialit\xE9\ + \ et garantit le traitement s\xE9curis\xE9 des informations personnellement\ + \ identifiables (PII). Les mesures incluent l'anonymisation, le chiffrement\ + \ et la conformit\xE9 aux lois sur la confidentialit\xE9." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.35 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5 ref_id: A.5.35 name: Independent review of information security + description: This control ensures independent reviews of information security + to evaluate effectiveness and compliance. Measures include external audits, + risk assessments, and follow-up actions. 
implementation_groups: - SoA translations: fr: name: "R\xE9vision ind\xE9pendante de la s\xE9curit\xE9 de l'information" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit des revues ind\xE9\ + pendantes de la s\xE9curit\xE9 de l'information pour \xE9valuer l'efficacit\xE9\ + \ et la conformit\xE9. Les mesures incluent des audits externes, des \xE9\ + valuations des risques et des actions de suivi." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.36 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5 ref_id: A.5.36 name: Compliance with policies, rules and standards for information security + description: This control ensures compliance with all policies, rules, and standards + for information security. Measures include regular training, policy reviews, + and enforcement mechanisms. implementation_groups: - SoA translations: fr: name: "Conformit\xE9 aux politiques, r\xE8gles et normes de s\xE9curit\xE9\ \ de l'information" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit la conformit\xE9 \xE0\ + \ toutes les politiques, r\xE8gles et normes en mati\xE8re de s\xE9curit\xE9\ + \ de l'information. Les mesures incluent des formations r\xE9guli\xE8\ + res, des revues de politiques et des m\xE9canismes d'application." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.37 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5 ref_id: A.5.37 name: Documented operating procedures + description: This control develops and maintains documented operating procedures + to ensure consistency in security practices. Measures include process documentation, + version control, and accessibility. 
implementation_groups: - SoA translations: fr: name: "Proc\xE9dures d'exploitation document\xE9es" - description: null + description: "Cette mesure de s\xE9curit\xE9 d\xE9veloppe et maintient des\ + \ proc\xE9dures op\xE9rationnelles document\xE9es pour garantir la coh\xE9\ + rence des pratiques de s\xE9curit\xE9. Les mesures incluent la documentation\ + \ des processus, le contr\xF4le des versions et l'accessibilit\xE9." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.6 assessable: false depth: 2 
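Review bot: In the A.5.34 French description, the added text uses "informations personnellement identifiables (PII)" and "lois sur la confidentialité", while the unchanged name of the same entry uses "données à caractère personnel (DCP)" and "vie privée". Align the description with the name's terminology so one entry does not carry two terms for the same concept. In A.5.35, the only audit measure listed is "external audits" under a control named "Independent review of information security"; wording such as "independent audits" would avoid implying that an internal but independent review does not satisfy the control.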
@@ -1927,96 +2815,156 @@ objects: parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.6 ref_id: A.6.1 name: Screening + description: This control ensures the implementation of screening processes + to verify the suitability of candidates before employment. Measures include + background checks, identity verification, and assessment of qualifications + to reduce security risks. implementation_groups: - SoA translations: fr: name: "S\xE9lection des candidats" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit la mise en \u0153\ + uvre de processus de v\xE9rification pour \xE9valuer l'ad\xE9quation des\ + \ candidats avant leur embauche. Les mesures incluent des v\xE9rifications\ + \ des ant\xE9c\xE9dents, la v\xE9rification d'identit\xE9 et l'\xE9valuation\ + \ des qualifications pour r\xE9duire les risques de s\xE9curit\xE9." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.6.2 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.6 ref_id: A.6.2 name: Terms and conditions of employment + description: This control ensures that terms and conditions of employment include + information security responsibilities. Measures include explicit clauses about + confidentiality, compliance with policies, and consequences for breaches. implementation_groups: - SoA translations: fr: name: Termes et conditions du contrat de travail - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les termes et\ + \ conditions d'emploi incluent des responsabilit\xE9s en mati\xE8re de\ + \ s\xE9curit\xE9 de l'information. Les mesures incluent des clauses explicites\ + \ sur la confidentialit\xE9, le respect des politiques et les cons\xE9\ + quences des violations." 
- urn: urn:intuitem:risk:req_node:iso27001-2022:a.6.3 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.6 ref_id: A.6.3 name: Information security awareness, education and training + description: This control ensures that employees receive regular information + security awareness, education, and training. Measures include scheduled training + sessions, e-learning programs, and simulated phishing exercises. implementation_groups: - SoA translations: fr: name: "Sensibilisation, enseignement et formation en s\xE9curit\xE9 de l'information" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les employ\xE9\ + s re\xE7oivent une sensibilisation, une \xE9ducation et une formation\ + \ r\xE9guli\xE8res en mati\xE8re de s\xE9curit\xE9 de l'information. Les\ + \ mesures incluent des sessions de formation planifi\xE9es, des programmes\ + \ d'apprentissage en ligne et des exercices de phishing simul\xE9s." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.6.4 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.6 ref_id: A.6.4 name: Disciplinary process + description: This control establishes a disciplinary process to address breaches + of information security policies. Measures include clear guidelines, escalation + procedures, and consistent enforcement to maintain accountability. implementation_groups: - SoA translations: fr: name: "Proc\xE9dure disciplinaire" - description: null + description: "Cette mesure de s\xE9curit\xE9 \xE9tablit un processus disciplinaire\ + \ pour traiter les violations des politiques de s\xE9curit\xE9 de l'information.\ + \ Les mesures incluent des lignes directrices claires, des proc\xE9dures\ + \ d'escalade et une application coh\xE9rente pour maintenir la responsabilit\xE9\ + ." 
- urn: urn:intuitem:risk:req_node:iso27001-2022:a.6.5 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.6 ref_id: A.6.5 name: Responsibilities after termination or change of employment + description: This control ensures that responsibilities related to information + security are defined and enforced after termination or role changes. Measures + include revoking access rights, collecting organizational assets, and conducting + exit interviews. implementation_groups: - SoA translations: fr: name: "Responsabilit\xE9s apr\xE8s la fin ou le changement d'emploi" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les responsabilit\xE9\ + s li\xE9es \xE0 la s\xE9curit\xE9 de l'information sont d\xE9finies et\ + \ appliqu\xE9es apr\xE8s la fin d\u2019un contrat ou un changement de\ + \ r\xF4le. Les mesures incluent la r\xE9vocation des droits d'acc\xE8\ + s, la r\xE9cup\xE9ration des actifs de l'organisation et la r\xE9alisation\ + \ d'entretiens de sortie." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.6.6 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.6 ref_id: A.6.6 name: Confidentiality or non-disclosure agreements + description: This control implements confidentiality or non-disclosure agreements + to protect sensitive information. Measures include signed agreements at the + start of employment, periodic reminders, and enforcement of legal actions + in case of violations. implementation_groups: - SoA translations: fr: name: "Accords de confidentialit\xE9 ou de non-divulgation" - description: null + description: "Cette mesure de s\xE9curit\xE9 met en \u0153uvre des accords\ + \ de confidentialit\xE9 ou de non-divulgation pour prot\xE9ger les informations\ + \ sensibles. Les mesures incluent des accords sign\xE9s au d\xE9but de\ + \ l'emploi, des rappels p\xE9riodiques et l'application d'actions l\xE9\ + gales en cas de violations." 
- urn: urn:intuitem:risk:req_node:iso27001-2022:a.6.7 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.6 ref_id: A.6.7 name: Remote working + description: This control ensures the secure management of information security + risks during remote working. Measures include secure access to corporate systems, + mandatory use of VPNs, and policies for handling sensitive data remotely. implementation_groups: - SoA translations: fr: name: "Travail \xE0 distance" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit la gestion s\xE9curis\xE9\ + e des risques li\xE9s \xE0 la s\xE9curit\xE9 de l'information pendant\ + \ le t\xE9l\xE9travail. Les mesures incluent un acc\xE8s s\xE9curis\xE9\ + \ aux syst\xE8mes de l'entreprise, l'utilisation obligatoire de VPN et\ + \ des politiques pour la gestion des donn\xE9es sensibles \xE0 distance." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.6.8 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.6 ref_id: A.6.8 name: Information security event reporting + description: This control ensures employees can promptly report information + security events. Measures include incident reporting channels, awareness campaigns, + and follow-up procedures to investigate and address reported events. implementation_groups: - SoA translations: fr: name: "D\xE9claration des \xE9v\xE9nements de s\xE9curit\xE9 de l'information" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les employ\xE9\ + s peuvent signaler rapidement les \xE9v\xE9nements de s\xE9curit\xE9 de\ + \ l'information. Les mesures incluent des canaux de signalement d'incidents,\ + \ des campagnes de sensibilisation et des proc\xE9dures de suivi pour\ + \ enqu\xEAter et traiter les \xE9v\xE9nements signal\xE9s." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.7 assessable: false depth: 2 
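Review bot: The A.6.7 description lists "mandatory use of VPNs" as a measure on a node marked "assessable: true" in the SoA implementation group, so an assessor may read one specific technology as part of the requirement; technology-neutral wording such as "secured remote connections" would be safer, in both the English and the French text. In the A.6.5 French description, "d\u2019un contrat" uses a typographic apostrophe where the other added strings in this hunk use the ASCII one ("l'information", "l'organisation"); pick one form so text search and string comparison behave consistently.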
@@ -2035,168 +2983,258 @@ objects: parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7 ref_id: A.7.1 name: Physical security perimeters + description: This control establishes physical security perimeters to protect + critical areas from unauthorized access. Measures include barriers, access + controls, and monitoring systems to ensure only authorized individuals can + enter. implementation_groups: - SoA translations: fr: name: "P\xE9rim\xE8tres de s\xE9curit\xE9 physique" - description: null + description: "Cette mesure de s\xE9curit\xE9 \xE9tablit des p\xE9rim\xE8\ + tres de s\xE9curit\xE9 physique pour prot\xE9ger les zones critiques contre\ + \ les acc\xE8s non autoris\xE9s. Les mesures incluent des barri\xE8res,\ + \ des contr\xF4les d'acc\xE8s et des syst\xE8mes de surveillance pour\ + \ garantir que seules les personnes autoris\xE9es peuvent entrer." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.2 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7 ref_id: A.7.2 name: Physical entry + description: This control ensures physical entry points are controlled and monitored + to prevent unauthorized access. Measures include badge systems, security personnel, + and visitor logs. implementation_groups: - SoA translations: fr: name: "Les entr\xE9es physiques" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les points d'entr\xE9\ + e physiques sont contr\xF4l\xE9s et surveill\xE9s pour emp\xEAcher les\ + \ acc\xE8s non autoris\xE9s. Les mesures incluent des syst\xE8mes de badges,\ + \ du personnel de s\xE9curit\xE9 et des registres des visiteurs." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.3 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7 ref_id: A.7.3 name: Securing offices, rooms and facilities + description: This control ensures that offices, rooms, and facilities are secured + to protect information and resources. 
Measures include locked doors, restricted + areas, and surveillance systems. implementation_groups: - SoA translations: fr: name: "S\xE9curisation des bureaux, des salles et des installations" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les bureaux, les\ + \ pi\xE8ces et les installations sont s\xE9curis\xE9s pour prot\xE9ger\ + \ les informations et les ressources. Les mesures incluent des portes\ + \ verrouill\xE9es, des zones restreintes et des syst\xE8mes de surveillance." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.4 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7 ref_id: A.7.4 name: Physical security monitoring + description: This control implements physical security monitoring to detect + and respond promptly to threats. Measures include CCTV systems, motion detectors, + and real-time alerts. implementation_groups: - SoA translations: fr: name: "Surveillance de la s\xE9curit\xE9 physique" - description: null + description: "Cette mesure de s\xE9curit\xE9 met en \u0153uvre une surveillance\ + \ de la s\xE9curit\xE9 physique pour d\xE9tecter et r\xE9pondre rapidement\ + \ aux menaces. Les mesures incluent des syst\xE8mes de vid\xE9osurveillance,\ + \ des d\xE9tecteurs de mouvement et des alertes en temps r\xE9el." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.5 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7 ref_id: A.7.5 name: Protecting against physical and environmental threats + description: This control protects systems and resources from physical and environmental + threats. Measures include fire suppression systems, temperature controls, + and flood prevention barriers. 
implementation_groups: - SoA translations: fr: name: Protection contre les menaces physiques et environnementales - description: null + description: "Cette mesure de s\xE9curit\xE9 prot\xE8ge les syst\xE8mes\ + \ et les ressources contre les menaces physiques et environnementales.\ + \ Les mesures incluent des syst\xE8mes de suppression d'incendie, des\ + \ contr\xF4les de temp\xE9rature et des barri\xE8res anti-inondation." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.6 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7 ref_id: A.7.6 name: Working In secure areas + description: This control ensures that secure areas are managed to allow authorized + access only. Measures include access control systems, visitor escorts, and + activity monitoring. implementation_groups: - SoA translations: fr: name: "Travail dans les zones s\xE9curis\xE9es" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les zones s\xE9\ + curis\xE9es sont g\xE9r\xE9es pour permettre l'acc\xE8s uniquement aux\ + \ personnes autoris\xE9es. Les mesures incluent des syst\xE8mes de contr\xF4\ + le d'acc\xE8s, des escortes pour visiteurs et la surveillance des activit\xE9\ + s." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.7 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7 ref_id: A.7.7 name: Clear desk and clear screen + description: This control ensures sensitive information is not left exposed + by adopting clear desk and clear screen policies. Measures include locking + sensitive documents away and auto-locking screens when not in use. implementation_groups: - SoA translations: fr: name: "Bureau propre et \xE9cran vide" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les informations\ + \ sensibles ne sont pas laiss\xE9es expos\xE9es en adoptant des politiques\ + \ de bureau propre et d'\xE9cran clair. 
Les mesures incluent le verrouillage\ + \ des documents sensibles et le verrouillage automatique des \xE9crans\ + \ en cas d'inutilisation." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.8 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7 ref_id: A.7.8 name: Equipment siting and protection + description: This control ensures that equipment is positioned and protected + to prevent unauthorized access or damage. Measures include secure mounting, + locked cabinets, and restricted access areas. implementation_groups: - SoA translations: fr: name: "Emplacement et protection du mat\xE9riel" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les \xE9quipements\ + \ sont positionn\xE9s et prot\xE9g\xE9s pour pr\xE9venir les acc\xE8s\ + \ non autoris\xE9s ou les dommages. Les mesures incluent des montages\ + \ s\xE9curis\xE9s, des armoires verrouill\xE9es et des zones d'acc\xE8\ + s restreintes." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.9 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7 ref_id: A.7.9 name: Security of assets off-premises + description: This control ensures assets used or stored off-premises are secured + to maintain confidentiality and integrity. Measures include encryption, secure + transport, and access tracking. implementation_groups: - SoA translations: fr: name: "S\xE9curit\xE9 des actifs hors des locaux" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les actifs utilis\xE9\ + s ou stock\xE9s hors des locaux sont s\xE9curis\xE9s pour maintenir leur\ + \ confidentialit\xE9 et leur int\xE9grit\xE9. Les mesures incluent le\ + \ chiffrement, le transport s\xE9curis\xE9 et le suivi des acc\xE8s." 
- urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.10 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7 ref_id: A.7.10 name: Storage media + description: This control safeguards storage media to prevent unauthorized access + or tampering. Measures include secure storage, encryption, and access restrictions. implementation_groups: - SoA translations: fr: name: Supports de stockage - description: null + description: "Cette mesure de s\xE9curit\xE9 prot\xE8ge les supports de\ + \ stockage pour emp\xEAcher tout acc\xE8s ou alt\xE9ration non autoris\xE9\ + . Les mesures incluent le stockage s\xE9curis\xE9, le chiffrement et les\ + \ restrictions d'acc\xE8s." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.11 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7 ref_id: A.7.11 name: Supporting utilities + description: This control ensures that supporting utilities, such as power and + cooling systems, are reliable and protected from disruptions. Measures include + redundant systems and physical security. implementation_groups: - SoA translations: fr: name: Services supports - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les utilitaires\ + \ de soutien, tels que les syst\xE8mes d'alimentation et de refroidissement,\ + \ sont fiables et prot\xE9g\xE9s contre les perturbations. Les mesures\ + \ incluent des syst\xE8mes redondants et une s\xE9curit\xE9 physique." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.12 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7 ref_id: A.7.12 name: Cabling security + description: This control ensures that cables are secured to prevent unauthorized + interception or damage. Measures include protective conduits, proper labeling, + and secure routing. 
implementation_groups: - SoA translations: fr: name: "S\xE9curit\xE9 du c\xE2blage" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les c\xE2bles\ + \ sont s\xE9curis\xE9s pour pr\xE9venir toute interception ou tout dommage\ + \ non autoris\xE9. Les mesures incluent des conduits de protection, un\ + \ \xE9tiquetage appropri\xE9 et un routage s\xE9curis\xE9." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.13 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7 ref_id: A.7.13 name: Equipment maintenance + description: This control ensures that equipment is maintained to guarantee + proper functioning and prevent failures. Measures include regular servicing, + secure maintenance practices, and authorized personnel access. implementation_groups: - SoA translations: fr: name: "Maintenance du mat\xE9riel" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les \xE9quipements\ + \ sont maintenus pour assurer leur bon fonctionnement et pr\xE9venir les\ + \ pannes. Les mesures incluent un entretien r\xE9gulier, des pratiques\ + \ de maintenance s\xE9curis\xE9es et un acc\xE8s r\xE9serv\xE9 au personnel\ + \ autoris\xE9." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.14 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7 ref_id: A.7.14 name: Secure disposal or re-use of equipment + description: This control ensures the secure disposal or reuse of equipment + to protect sensitive information. Measures include data sanitization, physical + destruction, and certified disposal processes. implementation_groups: - SoA translations: fr: name: "\xC9limination ou recyclage s\xE9curis\xE9(e) du mat\xE9riel" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit l'\xE9limination ou\ + \ la r\xE9utilisation s\xE9curis\xE9e des \xE9quipements pour prot\xE9\ + ger les informations sensibles. 
Les mesures incluent la d\xE9sinfection\ + \ des donn\xE9es, la destruction physique et les processus de mise au\ + \ rebut certifi\xE9s." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8 assessable: false depth: 2 
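Review bot: In the A.7.14 French description, "la désinfection des données" is a literal rendering of "data sanitization" and does not convey secure erasure; something like "l'effacement sécurisé des données" matches the English measure. Two other French descriptions in this hunk drift from the unchanged names they sit under: A.7.7 says "écran clair" where the name says "écran vide", and A.7.11 says "utilitaires de soutien" where the name says "Services supports". Reuse the name's term in each description.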
@@ -2215,407 +3253,575 @@ objects: parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8 ref_id: A.8.1 name: User end point devices + description: This control ensures the protection of endpoint devices such as + laptops, desktops, and mobile devices by implementing security measures like + endpoint detection, encryption, and secure configurations to minimize risks. implementation_groups: - SoA translations: fr: name: Terminaux finaux des utilisateurs - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit la protection des\ + \ dispositifs de point de terminaison tels que les ordinateurs portables,\ + \ de bureau et les appareils mobiles en mettant en \u0153uvre des mesures\ + \ comme la d\xE9tection des terminaux, le chiffrement et des configurations\ + \ s\xE9curis\xE9es pour minimiser les risques." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.2 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8 ref_id: A.8.2 name: Privileged access rights + description: This control ensures that privileged access rights are granted, + managed, and monitored carefully to prevent misuse and enhance security. Measures + include role-based access controls, periodic reviews, and strict account management. implementation_groups: - SoA translations: fr: name: "Droits d'acc\xE8s privil\xE9gi\xE9s" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les droits d'acc\xE8\ + s privil\xE9gi\xE9s sont accord\xE9s, g\xE9r\xE9s et surveill\xE9s avec\ + \ soin pour pr\xE9venir les abus et renforcer la s\xE9curit\xE9. Les mesures\ + \ comprennent des contr\xF4les d'acc\xE8s bas\xE9s sur les r\xF4les, des\ + \ revues p\xE9riodiques et une gestion stricte des comptes." 
- urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.3 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8 ref_id: A.8.3 name: Information access restriction + description: This control restricts access to sensitive information based on + need-to-know principles. Measures include user authentication, role-based + permissions, and regular access reviews. implementation_groups: - SoA translations: fr: name: "Restriction d'acc\xE8s aux informations" - description: null + description: "Cette mesure de s\xE9curit\xE9 limite l'acc\xE8s aux informations\ + \ sensibles selon le principe du besoin d'en conna\xEEtre. Les mesures\ + \ incluent l'authentification des utilisateurs, les permissions bas\xE9\ + es sur les r\xF4les et des revues r\xE9guli\xE8res des acc\xE8s." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.4 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8 ref_id: A.8.4 name: Access to source code + description: This control secures access to source code by preventing unauthorized + viewing, modification, or exposure. Measures include version control, secure + repositories, and restricted developer access. implementation_groups: - SoA translations: fr: name: "Acc\xE8s aux codes source" - description: null + description: "Cette mesure de s\xE9curit\xE9 s\xE9curise l'acc\xE8s au code\ + \ source en emp\xEAchant la visualisation, la modification ou l'exposition\ + \ non autoris\xE9es. Les mesures incluent le contr\xF4le de version, les\ + \ d\xE9p\xF4ts s\xE9curis\xE9s et l'acc\xE8s restreint aux d\xE9veloppeurs." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.5 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8 ref_id: A.8.5 name: Secure authentication + description: This control implements strong authentication mechanisms, such + as multi-factor authentication, to verify user identities and prevent unauthorized + access. 
implementation_groups: - SoA translations: fr: name: "Authentification s\xE9curis\xE9e" - description: null + description: "Cette mesure de s\xE9curit\xE9 met en \u0153uvre des m\xE9\ + canismes d'authentification solides, tels que l'authentification multifacteur,\ + \ pour v\xE9rifier l'identit\xE9 des utilisateurs et emp\xEAcher les acc\xE8\ + s non autoris\xE9s." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.6 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8 ref_id: A.8.6 name: Capacity management + description: This control ensures system capacity is managed to provide adequate + performance and prevent disruptions. Measures include monitoring resource + usage and planning for future needs. implementation_groups: - SoA translations: fr: name: Dimensionnement - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que la capacit\xE9\ + \ des syst\xE8mes est g\xE9r\xE9e pour assurer des performances ad\xE9\ + quates et \xE9viter les perturbations. Les mesures incluent la surveillance\ + \ de l'utilisation des ressources et la planification des besoins futurs." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.7 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8 ref_id: A.8.7 name: Protection against malware + description: This control deploys measures like antivirus software, threat detection + tools, and regular updates to protect systems from malware and malicious attacks. implementation_groups: - SoA translations: fr: name: Protection contre les programmes malveillants (malware) - description: null + description: "Cette mesure de s\xE9curit\xE9 d\xE9ploie des mesures comme\ + \ des logiciels antivirus, des outils de d\xE9tection des menaces et des\ + \ mises \xE0 jour r\xE9guli\xE8res pour prot\xE9ger les syst\xE8mes contre\ + \ les logiciels malveillants et les attaques." 
- urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.8 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8 ref_id: A.8.8 name: Management of technical vulnerabilities + description: This control identifies, evaluates, and remediates technical vulnerabilities + promptly to minimize security risks. Measures include vulnerability scanning + and patch management. implementation_groups: - SoA translations: fr: name: "Gestion des vuln\xE9rabilit\xE9s techniques" - description: null + description: "Cette mesure de s\xE9curit\xE9 identifie, \xE9value et rem\xE9\ + die rapidement aux vuln\xE9rabilit\xE9s techniques pour minimiser les\ + \ risques de s\xE9curit\xE9. Les mesures incluent les analyses de vuln\xE9\ + rabilit\xE9s et la gestion des correctifs." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.9 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8 ref_id: A.8.9 name: Configuration management + description: This control ensures consistent management of system configurations + to maintain security settings and prevent unauthorized changes. implementation_groups: - SoA translations: fr: name: Gestion des configurations - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit une gestion coh\xE9\ + rente des configurations des syst\xE8mes pour maintenir des param\xE8\ + tres s\xE9curis\xE9s et pr\xE9venir les changements non autoris\xE9s." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.10 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8 ref_id: A.8.10 name: Information deletion + description: This control ensures sensitive information is securely deleted + when no longer required to prevent unauthorized recovery or exposure. 
implementation_groups: - SoA translations: fr: name: Suppression des informations - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les informations\ + \ sensibles sont supprim\xE9es de mani\xE8re s\xE9curis\xE9e lorsqu'elles\ + \ ne sont plus n\xE9cessaires pour \xE9viter toute r\xE9cup\xE9ration\ + \ ou exposition non autoris\xE9e." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.11 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8 ref_id: A.8.11 name: Data masking + description: This control protects sensitive information during processing or + display by using data masking techniques to obscure data from unauthorized + users. implementation_groups: - SoA translations: fr: name: "Masquage des donn\xE9es" - description: null + description: "Cette mesure de s\xE9curit\xE9 prot\xE8ge les informations\ + \ sensibles lors de leur traitement ou affichage en utilisant des techniques\ + \ de masquage des donn\xE9es pour les rendre inaccessibles aux utilisateurs\ + \ non autoris\xE9s." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.12 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8 ref_id: A.8.12 name: Data leakage prevention + description: This control implements mechanisms to prevent the accidental exposure + of sensitive data through email, removable media, or other channels. implementation_groups: - SoA translations: fr: name: "Pr\xE9vention de la fuite de donn\xE9es" - description: null + description: "Cette mesure de s\xE9curit\xE9 met en \u0153uvre des m\xE9\ + canismes pour emp\xEAcher l'exposition accidentelle des donn\xE9es sensibles\ + \ via des e-mails, des supports amovibles ou d'autres canaux." 
- urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.13 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8 ref_id: A.8.13 name: Information backup + description: This control ensures critical information is backed up regularly + and securely to ensure its availability in case of incidents or disasters. implementation_groups: - SoA translations: fr: name: Sauvegarde des informations - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les informations\ + \ critiques sont sauvegard\xE9es r\xE9guli\xE8rement et en toute s\xE9\ + curit\xE9 pour assurer leur disponibilit\xE9 en cas d'incidents ou de\ + \ catastrophes." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.14 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8 ref_id: A.8.14 name: Redundancy of information processing facilities + description: This control ensures redundancy is built into processing facilities + to maintain availability and operations during system failures or emergencies. implementation_groups: - SoA translations: fr: name: Redondance des moyens de traitement de l'information - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que la redondance\ + \ est int\xE9gr\xE9e dans les installations de traitement pour maintenir\ + \ la disponibilit\xE9 et les op\xE9rations en cas de d\xE9faillances ou\ + \ d'urgences." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.15 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8 ref_id: A.8.15 name: Logging + description: This control enables logging of activities within systems to support + monitoring, incident detection, and forensic investigations. 
implementation_groups: - SoA translations: fr: name: Journalisation - description: null + description: "Cette mesure de s\xE9curit\xE9 permet la journalisation des\ + \ activit\xE9s au sein des syst\xE8mes pour soutenir la surveillance,\ + \ la d\xE9tection des incidents et les enqu\xEAtes m\xE9dico-l\xE9gales." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.16 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8 ref_id: A.8.16 name: Monitoring activities + description: This control ensures the ongoing monitoring of system activities + to detect, respond to, and mitigate security threats. implementation_groups: - SoA translations: fr: name: "Activit\xE9s de surveillance" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit la surveillance continue\ + \ des activit\xE9s du syst\xE8me pour d\xE9tecter, r\xE9pondre et att\xE9\ + nuer les menaces \xE0 la s\xE9curit\xE9." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.17 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8 ref_id: A.8.17 name: Clock synchronization + description: This control ensures system clocks are synchronized to maintain + accurate and consistent timestamps for logs and other critical processes. implementation_groups: - SoA translations: fr: name: Synchronisation des horloges - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les horloges des\ + \ syst\xE8mes sont synchronis\xE9es pour maintenir des horodatages pr\xE9\ + cis et coh\xE9rents pour les journaux et d'autres processus critiques." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.18 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8 ref_id: A.8.18 name: Use of privileged utility programs + description: This control restricts and monitors the use of privileged utility + programs to prevent misuse and unauthorized actions. 
implementation_groups: - SoA translations: fr: name: "Utilisation de programmes utilitaires \xE0 privil\xE8ges" - description: null + description: "Cette mesure de s\xE9curit\xE9 restreint et surveille l'utilisation\ + \ des programmes utilitaires privil\xE9gi\xE9s pour pr\xE9venir les abus\ + \ et les actions non autoris\xE9es." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.19 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8 ref_id: A.8.19 name: Installation of software on operational systems + description: This control ensures software installation on operational systems + is managed securely to prevent vulnerabilities or unauthorized changes. implementation_groups: - SoA translations: fr: name: "Installation de logiciels sur des syst\xE8mes op\xE9rationnels" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que l'installation\ + \ de logiciels sur les syst\xE8mes op\xE9rationnels est g\xE9r\xE9e de\ + \ mani\xE8re s\xE9curis\xE9e pour \xE9viter les vuln\xE9rabilit\xE9s ou\ + \ les modifications non autoris\xE9es." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.20 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8 ref_id: A.8.20 name: Networks security + description: This control ensures network security through firewalls, intrusion + detection systems, and access controls to protect against unauthorized access + and attacks. implementation_groups: - SoA translations: fr: name: "S\xE9curit\xE9 des r\xE9seaux" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit la s\xE9curit\xE9\ + \ du r\xE9seau gr\xE2ce \xE0 des pare-feu, des syst\xE8mes de d\xE9tection\ + \ d'intrusion et des contr\xF4les d'acc\xE8s pour prot\xE9ger contre les\ + \ acc\xE8s non autoris\xE9s et les attaques." 
- urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.21 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8 ref_id: A.8.21 name: Security of network services + description: This control ensures network services are protected to maintain + confidentiality, integrity, and availability during use. implementation_groups: - SoA translations: fr: name: "S\xE9curit\xE9 des services r\xE9seau" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les services r\xE9\ + seau sont prot\xE9g\xE9s pour maintenir la confidentialit\xE9, l'int\xE9\ + grit\xE9 et la disponibilit\xE9 pendant leur utilisation." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.22 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8 ref_id: A.8.22 name: Segregation of networks + description: This control implements network segregation to limit the spread + of threats and minimize the impact of potential breaches. implementation_groups: - SoA translations: fr: name: "Cloisonnement des r\xE9seaux" - description: null + description: "Cette mesure de s\xE9curit\xE9 met en \u0153uvre la segmentation\ + \ des r\xE9seaux pour limiter la propagation des menaces et minimiser\ + \ l'impact des violations potentielles." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.23 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8 ref_id: A.8.23 name: 'Web filtering ' + description: This control uses web filtering tools to block unauthorized or + harmful content from being accessed over the internet. implementation_groups: - SoA translations: fr: name: 'Filtrage web ' - description: null + description: "Cette mesure de s\xE9curit\xE9 utilise des outils de filtrage\ + \ Web pour bloquer le contenu non autoris\xE9 ou nuisible accessible sur\ + \ Internet." 
- urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.24 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8 ref_id: A.8.24 name: Use of cryptography + description: This control ensures cryptographic techniques are applied to protect + data confidentiality, integrity, and authenticity. implementation_groups: - SoA translations: fr: name: Utilisation de la cryptographie - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que des techniques\ + \ cryptographiques sont appliqu\xE9es pour prot\xE9ger la confidentialit\xE9\ + , l'int\xE9grit\xE9 et l'authenticit\xE9 des donn\xE9es." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.25 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8 ref_id: A.8.25 name: Secure development life cycle + description: This control integrates security into all stages of the development + life cycle to ensure systems and applications are built securely. implementation_groups: - SoA translations: fr: name: "Cycle de vie de d\xE9veloppement s\xE9curis\xE9" - description: null + description: "Cette mesure de s\xE9curit\xE9 int\xE8gre la s\xE9curit\xE9\ + \ \xE0 toutes les \xE9tapes du cycle de vie du d\xE9veloppement pour garantir\ + \ que les syst\xE8mes et applications sont construits de mani\xE8re s\xE9\ + curis\xE9e." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.26 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8 ref_id: A.8.26 name: Application security requirements + description: This control defines and enforces security requirements for applications + to safeguard against vulnerabilities. implementation_groups: - SoA translations: fr: name: "Exigences de s\xE9curit\xE9 des applications" - description: null + description: "Cette mesure de s\xE9curit\xE9 d\xE9finit et applique des\ + \ exigences de s\xE9curit\xE9 pour les applications afin de prot\xE9ger\ + \ contre les vuln\xE9rabilit\xE9s." 
- urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.27 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8 ref_id: A.8.27 name: Secure system architecture and engineering principles + description: This control ensures secure design principles are adopted during + the development of system architectures. implementation_groups: - SoA translations: fr: name: "Principes d'ing\xE9nierie et d'architecture des syst\xE8mes s\xE9\ curis\xE9s" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que des principes\ + \ de conception s\xE9curis\xE9s sont adopt\xE9s lors du d\xE9veloppement\ + \ des architectures syst\xE8me." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.28 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8 ref_id: A.8.28 name: Secure coding + description: This control implements secure coding practices to minimize vulnerabilities + in developed software. implementation_groups: - SoA translations: fr: name: "Codage s\xE9curis\xE9" - description: null + description: "Cette mesure de s\xE9curit\xE9 met en \u0153uvre des pratiques\ + \ de codage s\xE9curis\xE9 pour minimiser les vuln\xE9rabilit\xE9s des\ + \ logiciels d\xE9velopp\xE9s." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.29 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8 ref_id: A.8.29 name: Security testing in development and acceptance + description: This control ensures security testing is conducted during development + and acceptance phases to identify weaknesses. implementation_groups: - SoA translations: fr: name: "Tests de s\xE9curit\xE9 dans le d\xE9veloppement et l'acceptation" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que des tests de s\xE9\ + curit\xE9 sont effectu\xE9s pendant les phases de d\xE9veloppement et\ + \ d'acceptation pour identifier les faiblesses." 
- urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.30 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8 ref_id: A.8.30 name: 'Outsourced development ' + description: This control ensures security risks are managed effectively when + development is outsourced to third-party vendors. implementation_groups: - SoA translations: fr: name: "D\xE9veloppement externalis\xE9 " - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les risques de\ + \ s\xE9curit\xE9 sont g\xE9r\xE9s efficacement lorsque le d\xE9veloppement\ + \ est externalis\xE9 \xE0 des fournisseurs tiers." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.31 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8 ref_id: A.8.31 name: Separation of development, test and production environments + description: This control ensures development, test, and production environments + are segregated to prevent unintended interactions and unauthorized access. implementation_groups: - SoA translations: fr: name: "S\xE9paration des environnements de d\xE9veloppement, de test et\ \ op\xE9rationnels" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les environnements\ + \ de d\xE9veloppement, de test et de production sont s\xE9par\xE9s pour\ + \ \xE9viter les interactions involontaires et les acc\xE8s non autoris\xE9\ + s." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.32 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8 ref_id: A.8.32 name: Change management + description: This control ensures changes to systems are managed securely to + minimize risks and maintain operational stability. 
implementation_groups: - SoA translations: fr: name: Gestion des changements - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les modifications\ + \ des syst\xE8mes sont g\xE9r\xE9es de mani\xE8re s\xE9curis\xE9e pour\ + \ minimiser les risques et maintenir la stabilit\xE9 op\xE9rationnelle." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.33 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8 ref_id: A.8.33 name: Test information + description: This control protects test data to prevent the exposure of sensitive + or confidential information during testing processes. implementation_groups: - SoA translations: fr: name: Informations de test - description: null + description: "Cette mesure de s\xE9curit\xE9 prot\xE8ge les donn\xE9es de\ + \ test pour \xE9viter l'exposition d'informations sensibles ou confidentielles\ + \ lors des processus de test." - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.34 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8 ref_id: A.8.34 name: Protection of information systems during audit testing + description: This control ensures that systems and data are safeguarded during + audits by preventing unauthorized access, data leakage, or disruptions. Measures + include using non-production environments, access restrictions, and confidentiality + agreements to maintain system security and integrity. 
implementation_groups: - SoA translations: fr: name: "Protection des syst\xE8mes d'information pendant les tests d'audit" - description: null + description: "Cette mesure de s\xE9curit\xE9 garantit que les syst\xE8mes\ + \ et les donn\xE9es sont prot\xE9g\xE9s pendant les audits en emp\xEA\ + chant les acc\xE8s non autoris\xE9s, les fuites de donn\xE9es ou les perturbations.\ + \ Les mesures incluent l'utilisation d'environnements non productifs,\ + \ des restrictions d'acc\xE8s et des accords de confidentialit\xE9 pour\ + \ pr\xE9server la s\xE9curit\xE9 et l'int\xE9grit\xE9 des syst\xE8mes." diff --git a/backend/library/libraries/itar compliance program guidelines.yaml b/backend/library/libraries/itar-compliance-program-guidelines.yaml similarity index 100% rename from backend/library/libraries/itar compliance program guidelines.yaml rename to backend/library/libraries/itar-compliance-program-guidelines.yaml diff --git a/tools/ITAR/ITAR Compliance Program Guidelines.xlsx b/tools/ITAR/ITAR-Compliance-Program-Guidelines.xlsx similarity index 100% rename from tools/ITAR/ITAR Compliance Program Guidelines.xlsx rename to tools/ITAR/ITAR-Compliance-Program-Guidelines.xlsx
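Review bot: in the iso27001-2022.yaml hunk, several of the added French descriptions use different terms from the `name` fields they sit under, and one is a mistranslation. A.8.15 renders "forensic investigations" as "enquêtes médico-légales", which refers to forensic medicine; a term for digital investigation is what the English text means. A.8.18 has "programmes utilitaires à privilèges" in the name but "programmes utilitaires privilégiés" in the description, and A.8.22 has "Cloisonnement" in the name but "segmentation" in the description. Suggest aligning each description with the wording of its name. Separately, the A.8.20 description lists "firewalls, intrusion detection systems, and access controls", while the neighbouring A.8.21 and A.8.22 descriptions state an outcome only; since every one of these nodes is `assessable: true`, an assessor could read that list as required products, so consider phrasing it as an outcome or as "such as".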
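Review bot: the two ITAR renames at the end of the patch (the library YAML and the .xlsx under tools/ITAR) are unrelated to the ISO 27001 description change and would be easier to review and revert as their own commit. Both are `similarity index 100%`, so only the paths change; nothing in the part of the patch shown here updates a reference to the old names with spaces, so please confirm that no loader, test or documentation still points at "itar compliance program guidelines.yaml" or "ITAR Compliance Program Guidelines.xlsx".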