ISO127001

Requirements and setup of security software (Firewall, Anti-Virus, etc.)

Set of rules that must be implemented within the company

Establishing an information security management system

Handling of physical documents

Implement and constantly practice the process of protecting information

Acquire a security software package and install it within the organization

Hire a data protection company that will monitor and prevent intrusions and attacks

Employees private data (bank accounts, salary statements, home addresses)

Starred company data (clients and suppliers, stakeholders, investor data, etc.)

All of the information mentioned in every other answer

Client (contracts, employees emails, etc.) and Respondent data (emails, IP addresses, answers, etc.)

All clients will be required to conform with the policies and procedures, established by the ISO127001

Better protection of client information and higher chances of acquiring new clients

ISO127001 has no effect on our current and future clients

Starred will be required to submit a quarterly ISO127001 report to every client

Services (websites) listed in the ISO127001 policy

Using MFA (2FA) is considered a bad practice

Finance-related products only

Every service (website) that supports it

Only the data that is currently required in relation to tasks at hand

ISO127001 doesn't restrict types of information stored on my notebook

All company data I have access to according to the security policies

Both company data and my private information

No, ISO127001 policies do not require data access separation

No, separating access to data (information) compromises information security

Yes, based on employees personal decision

Yes, based on CIA classification

During mission critical meetings and sales

Never. Login and (any private information) may be used only on company laptop

After making sure the client's (or public) device has appropriate anti-virus software installed

Only if the owner of the device is trustworthy

This policy is a recommendation and is not enforced by ISO127001

Notebook must be locked only if leaving it for more than 10 minutes. Documents should be turned face down to prevent others from seeing the contents.

Only management must make sure to lock their notebooks if going away and lock documents in a lockable drawer

Every employee must lock their notebooks if going away and lock documents in a lockable drawer

Both requirement must be met - more than 8 characters and at least 1 special character

Something personal to me like a pet name or mother's maiden name or my favorite football team

As long as one requirement is met - either more than 8 characters or at least 1 special character

Password must be picked from the list, provided by the ISO127001 policy

4G and a password-protected WiFi are both good

Wifi is preferred. 4G may be used but only in combination with a VPN

4G is preferred. Wifi may be used but only in combination with a VPN.

Any network because modern systems enforce encryption

Every employee including myself

ISO127001 auditor, after granting the certification to Starred

Information protection is automated and requires no effort from employees

Security department and management

All employees

Top management

Security department

All employees, freelancers and suppliers

Data transfer is not restricted as long as reliable network is used

Data transport is prohibited at all times

Minimize the transport and use only secure, encrypted network

No restrictions because modern communication technologies and services provide reliable protection

Only when visiting clients or working in public spaces

Always apply both at work and at home

When deemed necessary at my own discretion

Anywhere outside the office