Exchange of information

Objective: To maintain the security of information and software exchanged within an organisation and with any external entity.

Exchanges of information and software between organisations should be controlled and comply with any relevant legislation.

Information exchange policies and agreements

Formal agreements for the exchange of information and software should specify security controls.

Exchange agreements

Agreements should be put in place for exchange of information between the organisation and any external parties

Physical media in transit

Media containing organisational information in transit outside the organisational boundaries should be protected from loss, disclosure or misuse.

Electronic messaging

Controls should be applied where necessary, to reduce the business and security risks associated with electronic messaging

Business information systems

Clear policies and guidelines should be developed and implemented to control the business and security risks associated with the exchange of business information and interconnection of business systems.