12.2 Handling of information and assets
12.2.1. The relevant entities shall establish, implement and apply a policy for the proper handling of information and assets in accordance with their network and information security policy, and shall communicate the policy to anyone who uses or handles information and assets.
12.2.2. The policy shall:
(a) cover the entire life cycle of the information and assets, including acquisition, use, storage, transportation and disposal;
(b) provide instructions on the safe use, safe storage, safe transport, and the irretrievable deletion and destruction of the information and assets;
(c) provide that equipment, hardware, software and data may be transferred to external premises only after approval by bodies authorised by management bodies in accordance with the policies,
(d) provide that the transfer shall take place in a secure manner, in accordance with the type of asset or information to be transferred.
12.2.3. The relevant entities shall review and, where appropriate, update the policy at planned intervals and when significant incidents or significant changes to operations or risks occur.
Holen Sie sich den NIS2-Umsetzungs-Fahrplan und unseren Newsletter!