TXA Form
4)
1.3.2 To what extent are information assets classified and managed in terms
of their protection needs?
2.1.1 To what extent is the suitability of employees for sensitive work fields
ensured?
Information classification ❒
Comments
Up-to-date and periodically reviewed procedure for identifying, analyzing and evaluating risk
in the ISMS.
Evidence of the competence of the staff involved in the management of the ISMS.
☒ security zones map (area / buildings / rooms / parking and parking for test or prototype
cars) based on the risk analysis for the location,
☒ adequate protection measures: rules for granting / withdrawing access rights, behavior in
zones, bringing in and using portable IT mobile devices,
☒ people who are in individual security zones are aware of the rules for use and behavior.
Documented in the form of an up-to-date and periodically reviewed internal regulation of the
company on the management of access rights, access control, applicable rules, the method of
requesting, processing and approving access rights, roles and responsibilities in this process.
Documents confirming the cyclical nature of the process together with the results of the last
completed access rights review for regular, privileged and technical accounts.
☒ A detailed description of the risk analysis process of the company's suppliers and partners,
or a description of the due diligence process (if it includes an information security risk
analysis).
☒ Sample contract with sample suppliers.
☒ Risk analysis, selection, verification, approval and implementation of external vendors and
partners.
☒ Documented provision of guidelines on the adopted principles of maintaining information
security for partners and suppliers.