| S/N | IT security domain | Security control measures | Information states | Control category: according to nature | Control relative to time: Deterrent | Control relative to time: Detective | Control relative to time: Preventive | Control relative to time: Corrective |
|---|---|---|---|---|---|---|---|---|
| i. 1 | Information security policy | Information security policy approved by the top executive or board of trustees, and operational. | Capturing, Processing, Storage, Transmission | Administrative control | | | | |
| ii. 2 | Organisation of information security | Chief Information Security Officer (CISO) or equivalent job responsibilities assigned. | Capturing, Processing, Storage, Transmission | Administrative control | | | | |
| ii (a) | Internal organisation | Roles and responsibilities allocated to individuals. | Capturing, Processing, Storage, Transmission | Administrative control | | | | |
| ii (b) | Mobile devices and teleworking | Policies and controls for mobile devices (such as laptops, tablet PCs, wearables). | Capturing, Processing, Storage, Transmission | Administrative control | | | | |
| iii. 3 | Human resources security | Policy for human resources security in place. | Capturing, Processing, Storage, Transmission | Administrative control | | | | |
| iv. 4 | Asset management | Asset management policy in place. | Capturing, Processing, Storage, Transmission | Administrative control | | | | |
| iv (a) | Information classification and labelling | Information classified and labelled according to the security protection needed, and handled appropriately. | Capturing, Processing, Storage, Transmission | Administrative control | | | | |