
ISO 27001 Annex A.13: Communications Security

A.13.1 Network Security Management

This area covers network security management, including the transfer of data across networks, to ensure that the conditions that preserve data confidentiality, integrity and availability are in place.

A.13.1.1 Network controls

Data stored on and transferred through company networks needs protection against unauthorised access, interception, corruption and other possible threats. You should understand all the business needs, risks and assets associated with networking.

Permitting outsiders to access your networks will increase the number of threats to the company. Your plan should account for both internal and external access risks.

Relevant controls include but are not limited to:

  • Firewalls and intrusion prevention systems
  • Access control lists
  • Connection controls
  • Endpoint verification
  • Network segregation

A.13.1.2 Security of network services

Based on the risk assessment, you should implement security measures to safeguard the data transmitted using network services. Network service agreements must consider business requirements, security requirements and possible threats, so that controls are in place to reduce your vulnerabilities.

A.13.1.3 Segregation in networks

Different users and information networks should be segregated across the system, with separate domains for public access, departmental use, critical systems and management use. This is a much safer method than having all services share the same network.

A.13.2 Information Transfer

A.13.2.1 Information transfer policies and procedures

Policies are required to support the safe transfer of data between parties across your network. Your standards should cover the different types of transfer and ensure that transfer policies and procedures are in place to manage the associated risks.

A.13.2.2 Agreements on information transfer

Agreements between your company and third-party representatives must clearly communicate the need to maintain the confidentiality and integrity of all data sent or received on either end.

Both physical and digital copies of information should be protected against loss or compromise, and handled in line with the requirements of the agreements for their classification.

A.13.2.3 Electronic messaging

Any data transferred via digital messaging systems needs to be safeguarded against online threats and aligned to the policy requirements around acceptable forms of e-messaging for different types of information.

High-risk or confidential financial information should never be sent over electronic communication channels unless strong protection is applied, because it is exposed to identity theft or fraud.

This protection includes end-to-end encryption, masking and monitoring of the transmission.

A.13.2.4 Confidentiality or non-disclosure agreements

Non-disclosure agreements are must-haves for any institution serious about data protection. Be sure to explain the needs and rights of your company to preserve all forms of data confidentiality. Your contract should be drafted and approved by management, and the terms regularly reviewed, amended and updated.

Standard forms of non-disclosure agreement may fall under the following categories:

  • general or mutual non-disclosure
  • terms and conditions of customer use
  • associate supplier or partner agreements
  • employment contracts
  • privacy policies.
