> For the complete documentation index, see [llms.txt](https://mims.oascities.org/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://mims.oascities.org/securing-data/pre-and-post-requisites.md). # Pre- and Post-Requisites ## Introduction Here, we describe pre- and post-requisites that this MIM on Securing Data is dependent upon. They are based on ISO 27001 and the numbers below refer to the numbers found in the ISO 27001 Annex A tables. We assume that most of these will be handled by other foundational MIMs. This needs to be further explored in summer/fall 2025. ### Pre-Requisites 5.10 Acceptable use of information and other associated assets \ Control\ Rules for the acceptable use and procedures for handling information and other associated assets shall be identified, documented and implemented. 5.12 Classification of information\ Control\ Information shall be classified according to the information security needs of the organization based on confidentiality, integrity, availability and relevant interested party requirements. 5.14 Information transfer\ Control\ Information transfer rules, procedures, or agreements shall be in place for all types of transfer facilities within the organization and between the organization and other parties. 8.3 Information access restriction\ Control\ Access to information and other associated assets shall be restricted in accordance with the established topic-specific policy on access control. 8.12 Data leakage prevention\ Control\ Data leakage prevention measures shall be applied to systems, networks and any 8.15 Logging\ Control\ Logs that record activities, exceptions, faults and other relevant events shall be produced, stored, protected and analysed. 8.16 Monitoring activities\ Control\ Networks, systems and applications shall be monitored for anomalous behaviour and appropriate actions taken to evaluate potential information security incidents. 8.21 Security of network services\ Control\ Security mechanisms, service levels and service requirements of network services shall be identified, implemented and monitored. 8.27 Secure system architecture and engineering principles\ Control\ Principles for engineering secure systems shall be established, documented, maintained and applied to any information system development activities. ### Post-Requisites 5.28 Collection of evidence\ Control\ The organization shall establish and implement procedures for the identification, collection, acquisition and preservation of evidence related to information security events. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://mims.oascities.org/securing-data/pre-and-post-requisites.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.