ISO/IEC 27001 Control 5.14: Information transfer
Control
Information transfer rules, procedures, or agreements should be in place for all types of transfer facilities within the organization and between the organization and other parties.
Necessity of MidPoint
MidPoint is optional for implementation of this control.
Implementation of this control without midPoint is feasible. However, midPoint provides considerable advantages for implementation of this control, making the implementation more efficient and reliable.
Implementation Overview
MidPoint can use classifications and policy rules to limit and partially control information transfer.
Implementation Details
Policy rules can prohibit access to internal information to external users, or it may require appropriate non-disclosure agreements in place (in a form of clearance).
Documentation
| Version | Title | Description |
|---|---|---|
| Development | Information Classification and Clearances | Description of an idea for limiting access to internal information using classification scheme |
| 4.8 | Information Classification and Clearances | Description of an idea for limiting access to internal information using classification scheme |
Related Features
Related Controls
-
ISO/IEC 27001 5.10: Acceptable use of information and other associated assets
-
ISO/IEC 27001 5.31: Legal, statutory, regulatory and contractual requirements
-
ISO/IEC 27001 5.19: Information security in supplier relationships
-
ISO/IEC 27001 5.20: Addressing information security within supplier agreements
-
ISO/IEC 27001 5.21: Managing information security in the ICT supply chain