This Statement of Applicability has been issued by the Security Council of the Asian School of Cyber Laws to indicate briefly the controls adopted by it for information security control and administration.

2.0 CONTROLS PROVIDED

As per the British Standard BS - 7799:2002, the following controls have been selected and implemented in this organization for effectively maintaining the information security needs.

1. ASCL Information Security Management System - Control A.3.1.1

2. Creation of ASCL Security Council for management of security initiatives - Control A.4.1.1

3. Security of third party access to information assets and Service Level Agreement (SLA) with third parties for information sharing and disclosure policies. - Control A.4.2.1

4. Inventory of assets and classification of assets as per sensitivity and significance - Control A.5.1.1 & A.5.2.1 / 5.2.2

5. Reporting of security incidents ad management review of security administration - Control A.6.3

6. Physical access security and equipment security - Controls A.7.1 & A.7.3

7. Detection and prevention of malicious software and bugs - Control A.8.3.1

8. Control of network security and traffic control over the network - Control A.8.5.1 & A.9.4

9. User Access management for multi-user access to information - Control A.9.2.1 & A.9.3

10. Use of Remote dial-in, Mobile and Wireless Devices - Control A.9.8

11. Installing, maintaining and monitoring Servers and conducting system audits Control A.10.1 & A.10.4

12. Use of cryptography for secure information exchange and protection of sensitive assets. - Control A.10.3

13. Business continuity and disaster recovery planning - Control A.11.1

14. Compliance with legal and regulatory norms - Control A.12.1

3.0 REVISION HISTORY

This document is created on 12-02-2002 and has been last updated on 22-02-2003. Please note that this document is updated on a regular basis and the latest version can be obtained from: