| 💼 A.12.1 Operational procedures and responsibilities | 4 | | | |
|     💼 A.12.1.1 Documented operating procedures | | | | |
|     💼 A.12.1.2 Change management | | | | |
|     💼 A.12.1.3 Capacity management | | | | |
|     💼 A.12.1.4 Separation of development, testing and operational environments | | | | |
| 💼 A.12.2 Protection from malware | 1 | | | |
|     💼 A.12.2.1 Controls against malware | | 7 | 7 | |
| 💼 A.12.3 Backup | 1 | | | |
|     💼 A.12.3.1 Information backup | | | 1 | |
| 💼 A.12.4 Logging and monitoring | 4 | | | |
|     💼 A.12.4.1 Event logging | | 15 | 18 | |
|     💼 A.12.4.2 Protection of log information | | 1 | 2 | |
|     💼 A.12.4.3 Administrator and operator logs | | 7 | 8 | |
|     💼 A.12.4.4 Clock synchronisation | | | | |
| 💼 A.12.5 Control of operational software | 1 | | | |
|     💼 A.12.5.1 Installation of software on operational systems | | 5 | 5 | |
| 💼 A.12.6 Technical vulnerability management | 2 | | | |
|     💼 A.12.6.1 Management of technical vulnerabilities | | 7 | 7 | |
|     💼 A.12.6.2 Restrictions on software installation | | | | |
| 💼 A.12.7 Information systems audit considerations | 1 | | | |
|     💼 A.12.7.1 Information systems audit controls | | | | |