When to use this
Use this review before contracting, renewing, or materially changing a network service.
Related controls
- A.8.21 Security of Network Services
- A.5.20 Addressing Information Security Within Supplier Agreements
- A.5.30 ICT Readiness for Business Continuity
Review table
| Requirement | Needed? | Provider feature/SLA | Evidence | Gap | Decision |
|---|---|---|---|---|---|
| Encryption | TBD | TBD | TBD | TBD | Accept / Mitigate / Reject |
| Authentication/access control | TBD | TBD | TBD | TBD | Accept / Mitigate / Reject |
| Logging/monitoring | TBD | TBD | TBD | TBD | Accept / Mitigate / Reject |
| Incident notification | TBD | TBD | TBD | TBD | Accept / Mitigate / Reject |
| Availability/failover | TBD | TBD | TBD | TBD | Accept / Mitigate / Reject |
| Change notification | TBD | TBD | TBD | TBD | Accept / Mitigate / Reject |
Minimum checks
- Confidentiality needs considered.
- Integrity needs considered.
- Availability needs considered.
- Provider limitations documented.
- Compensating controls or risk acceptance recorded.
- Template
- Iso27001
- Technological controls
- Network services
- Sla
Note Metadata
Aliases: Network Service SLA Review
Source: 90 Templates/Network Service SLA and Security Feature Review.md
Related Notes
- ISO 27001 A.5.20 - Addressing Information Security Within Supplier Agreements
- ISO 27001 A.5.30 - ICT Readiness for Business Continuity
- A.8.21 Audit Evidence Pack
- ISO 27001 A.8.21 - Security of Network Services
- A.8 Technological Controls MOC
- A.8 Technological Controls Implementation Guide
- A.8 Technological Controls Audit Guide
- A.8 Technological Controls Implementation Audit Risk Mapping
- A.8.21 Audit Checklist
- Templates MOC