The objective of the check list is to assess the Information Security controls available in your organization
The check list items are not relevant to the solution/system/product you are proposing to Robi Axiata
Only one tab of this document needs to be filled. The appropriate tab needs to be selected based on the type of solution/system/product provided to Robi Axiata
As far as possible, ensure the questions are answered by the most appropriate individual in your organization
Third Party Services for Robi Owned Sy
Fill this tab if you provide/intend to provide systems (applications, IT/Telecom network and information/information systems) where:
o Title of the equipment/user license is owned by Robi
o Payments are managed via annual Operational Expenditures (OpEx)
o Robi is responsible for providing first level support
o Robi is responsible for handling customer complaints
These systems will be located within Robi premises and vendors may have physical access to the same. The vendor may also have remote acc
Asset management 2
Access control 4
Communications security 7, 8
System acquisition, development and maintenance 10, 11
Incident management 12
Compliance 13
Human Resource Security 14, 15
Requirements
Is there a documented access management procedure for granting and revoking access?
Is the traffic between internal networks and the internet restricted through firewalls?
Are internal networks segregated and traffic between networks controlled in a suitable manner?
Is there a documented Incident Management Procedure to report, escalate and resolve information security i
Is a pre-employment verification process followed to check qualifications / experience and criminal check for