| 💼 A.12.1 Operational procedures and responsibilities | 4 | | | | no data |
|  💼 A.12.1.1 Documented operating procedures | | | | | no data |
|  💼 A.12.1.2 Change management | | | | | no data |
|  💼 A.12.1.3 Capacity management | | | | | no data |
|  💼 A.12.1.4 Separation of development, testing and operational environments | | | | | no data |
| 💼 A.12.2 Protection from malware | 1 | 7 | 7 | | no data |
|  💼 A.12.2.1 Controls against malware | | 7 | 7 | | no data |
| 💼 A.12.3 Backup | 1 | 1 | 2 | | no data |
|  💼 A.12.3.1 Information backup | | 1 | 2 | | no data |
| 💼 A.12.4 Logging and monitoring | 4 | 17 | 21 | | no data |
|  💼 A.12.4.1 Event logging | | 16 | 18 | | no data |
|  💼 A.12.4.2 Protection of log information | | 1 | 3 | | no data |
|  💼 A.12.4.3 Administrator and operator logs | | 8 | 8 | | no data |
|  💼 A.12.4.4 Clock synchronisation | | | | | no data |
| 💼 A.12.5 Control of operational software | 1 | 5 | 5 | | no data |
|  💼 A.12.5.1 Installation of software on operational systems | | 5 | 5 | | no data |
| 💼 A.12.6 Technical vulnerability management | 2 | 7 | 7 | | no data |
|  💼 A.12.6.1 Management of technical vulnerabilities | | 7 | 7 | | no data |
|  💼 A.12.6.2 Restrictions on software installation | | | | | no data |
| 💼 A.12.7 Information systems audit considerations | 1 | | | | no data |
|  💼 A.12.7.1 Information systems audit controls | | | | | no data |