Ibcom Iso-iec 27001 Soa Oct2013
ISO/IEC 27001 Statement of Applicability
ibCom management attests that the following controls are in place with regard to risks relating to confidentiality, integrity and availability of customer data stored on the ibCom mydigitalstructure platform. Mark Byers, Chief Risk Officer, October 2013
Management direction for information security 5.1.1
Policies for information security
Part of the employment contract.
5.1.2
Review of the policies for information security
Monthly review and re[… text missing in source …] [6].1.1
Information security roles and responsibilities
ibCom's Chief Risk Officer (CRO) controls all roles.
6.1.2
Segregation of duties
Only operational employees have access to data.
6.1.3
Contact with authorities
Responsibility of CRO.
6.1.4
Contact with special interest groups.
Responsibility of CRO.
6.1.5
Information security in project management
All projects relating to a potential change in the platform have information security as a first class citizen.
Mobile devices & teleworking 6.2.1
Mobile device policy
All access to AWS infrastructure on a mobile device is also protected via 2 factor authentication and/or IP address restrictions.
ISO/IEC 27001 Statement of Applicability
6.2.2
Teleworking
No data is stored at teleworking sites.
Prior to employment 7.1.1
Screening
As its first measure, ibCom uses very few employees that have access to customer data. To get access to customer data an employee must have a minimum of one (1) year's experience with ibCom or an equivalent well proven service.
7.1.2
Terms and conditions of employment
Information security is at the heart of the ibCom employment contract - including post employment.
[Media h]andling 8.3.1
Management of removable media
Removable media is not allowed on operational assets.
8.3.2
Disposal of media
Not applicable
8.3.3
Physical media transfer
Not applicable
Business requirements of access control 9.1.1
Access control policy
Information is controlled within AWS and mydigitalstructure using inherent access control functionality.
9.1.2
Access to networks & network services
All key information is stored in internet based secure stores, using encrypted access protocols - no measures needed to control this risk.
User access management
ISO/IEC 27001 Statement of Applicability
9.2.1
User registration & de[… text missing in source …] [12.6].2
Restrictions on software installation
Documented
Information systems audit considerations 12.7.1
Information systems audit controls
All verification processes are carefully controlled and use "mirror" images.
Network security management
ISO/IEC 27001 Statement of Applicability
13.1.1
Network controls
All networks are protected using firewalls. Refer AWS security compliance
13.1.2
Security of network services
Refer AWS security compliance
13.1.3
Segregation in networks
All ibCom zones (lab, operations, engagement) use isolated networks.
Information transfer 13.2.1
Information transfer policies & procedures
Refer AWS security compliance
13.2.2
Agreements on information transfer
All information is secured by encryption over the wire.
13.2.3
Electronic messaging
All highly sensitive information can be secured using the operations@ibcom.biz PGP public key.
13.2.4
Confidentiality or non-disclosure agreements
Confidentiality and non[… text missing in source …] [16].1.1
Responsibilities & procedures
Documented
16.1.2
Reporting information security events
Events are reported to all stake[… text missing in source …] [16].1.3
Reporting information security weakness
ibCom has a reward for report program. All highly sensitive information can be secured using the operations@ibcom.biz PGP public key.
16.1.4
Assessment of & decision on information security events
Documented
16.1.5
Response to information security
All incidents considered to be security incidents are immediately communicated to all affected stakeholders. Including the use
ISO/IEC 27001 Statement of Applicability
incidents
of @ibComM[?]DS twitter account & status.mydigitalstructure.com.
16.1.6
Learning from information security incidents
All learnings from incidents are immediately applied to the platform.
16.1.7
Collection of evidence
Documented
Information security continuity 17.1.1
Planning information security continuity
ibCom has a full disaster plan - including running mirror instances in other geographical locations.
17.1.2
Implementing information security continuity
All mirror sites operate within the same production (operational zone) protocols.
17.1.3
Verify, review & evaluate information continuity
Verification, review & evaluation occurs constantly.
Redundancies 17.2.1
Availability of information processing facilities
Mirror sites are implemented in other geographical locations.
Compliance with legal & contractual requirements 18.1.1
Identification of applicable legislation & contractual requirements
Documented
18.1.2
Intellectual property rights
All software and information intellectual property rights are well known and managed.
ISO/IEC 27001 Statement of Applicability
18.1.3
Protection of records
All records are highly protected.
18.1.4
Privacy & protection of personally identifiable information
All private information is highly protected.
18.1.5
Regulation of cryptographic controls
Documented
Information security reviews 18.2.1
Independent review of information security
Third party certification is underway (as at December [year unreadable in source])
18.2.2
Compliance with security policies & standards
Constantly being reviewed for compliance.
18.2.3
Technical compliance review
Constantly being reviewed for compliance.
END