Currently, there exist a wide variety of rules and standards that organizations must comply with.
SMARTFENSE gives direct compliance with the mandatory requirements of the following rules.
ISO/IEC 27001:2013 - Annex A / 27002
- 7.2.2 - Information security awareness, education and training.
- 9.9.3 - Train the personnel to detect signs of tampering or replacement in devices. The training should cover the following:
- 9.9.3.a - Review the training material (coverage)
- 9.9.3.b - Verify that you have received the training and that you know the procedures.
- 12.6.1 - Train the personnel immediately after hiring it and, at least, once a year.
- 12.6.1.a - Verify that the security awareness program provides diverse methods.
- 12.6.1.b - Verify that the personnel attend the security awareness program when hired and, at least, once a year.
- 12.6.1.c - Verify that they have done the awareness training and that they know the importance of data security of the cardholder.
Communication “A” 5374 from BCRA
- 6.2 - Entities must have the functionality and purpose described in the reference process and inform this Central Bank of the organic and operational structure and interrelations that correspond to their organizations:
- 6.2.1 - Awareness and Training: process related to the acquisition and delivery of knowledge in security practices, its dissemination, training and education for the development of preventive, detective and corrective tasks of security incidents in electronic Channels (enunciated in 6.1).
- 220.127.116.11 - Within tasks of security management, and regardless of the area, people or third parties who are responsible for task functions and running, entities must have functions and tasks related to the following security processes for their electronic Channels:
- 18.104.22.168.1 - Awareness and Training. In addition to what is indicated in point 6.2.1, entities must have an annual information security awareness and training program, measurable and verifiable, whose contents covers all internal and external needs in progress, knowledge, prevention and complaint of incidents, escalation and responsibility of electronic Channels they have.
- 6.7.1 - Awareness and Training minimum requirements Table (RCC).