Scope
The scope of this SoA includes all processes, technology, and locations of AppCan Ltd, unless explicitly stated otherwise.
Risk Assessment
The risk assessment process has identified several risks to the confidentiality, integrity, and availability of information within the scope. These risks have been evaluated based on their potential impact and likelihood of occurrence.
Control Selection
The following controls have been selected from Annex A to mitigate the identified risks:
- A.5: Information security policies
- A.6: Organization of information security
- A.7: Human resource security
- A.8: Asset management
- A.9: Access control
- A.10: Cryptography
- A.11: Physical and environmental security
- A.12: Operations security
- A.13: Communications security
- A.14: System acquisition, development and maintenance
- A.15: Supplier relationships
- A.16: Information security incident management
- A.17: Information security aspects of business continuity management
- A.18: Compliance
