S 2 Safeguard catalogues Organisation
S 2.1 Specification of responsibilities and provisions
S 2.4 Maintenance / repair regulations
S 2.5 Division of responsibilities and separation of functions
S 2.6 Granting of site access authorisations
S 2.7 Granting of (system/network) access authorisations
S 2.8 Assignment of access rights
S 2.9 Ban on using non-approved hardware and software
S 2.10 Audit of the hardware and software inventory
S 2.11 Provisions governing the use of passwords
S 2.12 Services and counselling for IT users
S 2.13 Correct disposal of resources requiring protection
S 2.16 Supervising or escorting outside staff/visitors
S 2.17 Entry regulations and controls
S 2.19 Neutral documentation in distributors
S 2.20 Monitoring of existing connections
S 2.23 Issue of PC Use Guidelines
S 2.24 Introduction of a PC Checklist Booklet
S 2.25 Documentation of the system configuration
S 2.26 Appointment of an administrator and his deputy
S 2.27 Maintenance of a PBX system
S 2.28 Availability of external telecommunications advisory services
S 2.29 PBX operating instructions for users
S 2.30 Provisions governing the configuration of users and of user groups
S 2.31 Documentation of authorised users and rights profiles
S 2.32 Establishment of a restricted user environment
S 2.33 Division of administrator roles under Unix
S 2.34 Documentation on changes made to an existing IT system
S 2.35 Obtaining information on security weaknesses of the system
S 2.36 Orderly issue and retrieval of a portable (laptop) PC
S 2.38 Division of administrator roles
S 2.39 Response to violations of security policies
S 2.40 Timely involvement of the staff/factory council
S 2.41 Employees` commitment to data backup
S 2.42 Determination of potential communications partners
S 2.43 Adequate labelling of data media for dispatch
S 2.44 Secure packaging of data media
S 2.45 Controlling the exchange of data media
S 2.46 Appropriate key management
S 2.47 Designating a person in charge of the fax system
S 2.48 Designating authorised fax operators
S 2.49 Procurement of suitable fax machines
S 2.50 Appropriate disposal of consumable fax accessories and spare parts
S 2.51 Producing copies of incoming fax messages
S 2.52 Supply and monitoring of consumables
S 2.53 Deactivation of fax machines after office hours
S 2.54 Procurement/selection of suitable answering machines - not to apply
S 2.55 Use of a security code - not to apply
S 2.56 Avoidance of confidential information on answering machines - not to apply
S 2.57 Regular playback and deletion of recorded messages - not to apply
S 2.58 Limitation of message time - not to apply
S 2.59 Procurement of a suitable modem
S 2.60 Secure administration of a modem
S 2.61 Provisions governing modem usage
S 2.62 Software acceptance and approval procedure
S 2.63 Establishing access rights
S 2.65 Checking the efficiency of user separation on an IT system
S 2.66 The importance of certification for procurement
S 2.67 Defining a security strategy for peer-to-peer network users - not to apply
S 2.68 Implementation of security checks by the peer-to-peer network users - not to apply
S 2.69 Establishing standard workstations
S 2.70 Developing a concept for security gateways
S 2.71 Determination of a security gateway policy
S 2.72 Requirements on a firewall - not to apply
S 2.73 Selecting suitable basic structures for security gateways
S 2.74 Selection of a suitable packet filter
S 2.75 Selection of a suitable application-level gateway
S 2.76 Selection and implementation of suitable filter rules
S 2.77 Integration of servers in the security gateway
S 2.78 Secure operation of a firewall
S 2.79 Determining responsibilities in the area of standard software
S 2.80 Drawing up a requirements catalogue for standard software
S 2.81 Preselection of a standard software product
S 2.82 Developing a test plan for standard software
S 2.83 Testing standard software
S 2.84 Deciding on and developing the installation instructions for standard software
S 2.85 Approval of standard software
S 2.86 Guaranteeing the integrity of standard software
S 2.87 Installation and configuration of standard software
S 2.88 Licence management and version control for standard software
S 2.89 Deinstallation of standard software
S 2.91 Determining a security strategy for the Windows NT client-server network - not to apply
S 2.92 Performing security checks in the Windows NT client-server network - not to apply
S 2.93 Planning of a Windows NT network - not to apply
S 2.94 Sharing of directories under Windows NT - not to apply
S 2.95 Obtaining suitable protective cabinets
S 2.96 Locking of protective cabinets
S 2.97 Correct procedure for code locks
S 2.98 Secure installation of Novell Netware servers - not to apply
S 2.99 Secure set-up of Novell Netware servers - not to apply
S 2.100 Secure operation of Novell Netware servers - not to apply
S 2.101 Revision of Novell Netware servers - not to apply
S 2.102 Relinquishing activation of the remote console - not to apply
S 2.103 Setting up user profiles under Windows 95 - not to apply
S 2.104 System guidelines for restricting usage of Windows 95 - not to apply
S 2.106 Purchase of suitable ISDN cards
S 2.107 Documentation of the configuration of ISDN cards
S 2.108 Relinquishment of remote maintenance of ISDN gateways
S 2.109 Assigning rights for remote access
S 2.110 Data protection guidelines for logging procedures
S 2.111 Keeping manuals at hand
S 2.113 Requirements documents concerning telecommuting
S 2.114 Flow of information between the telecommuter and the institution
S 2.115 Care and maintenance of workstations for telecommuting
S 2.116 Regulated use of telecommuting communication capabilities
S 2.117 Creating a security concept for telecommuting
S 2.118 Determination of a security policy for the use of e-mail - not to apply
S 2.119 Regulations concerning the use of e-mail services - not to apply
S 2.120 Configuration of a mail centre - not to apply
S 2.121 Regular deletion of e-mails - not to apply
S 2.122 Standard e-mail addresses
S 2.123 Selection of a groupware or mail provider
S 2.124 Selection of suitable database software
S 2.125 Installation and configuration of a database
S 2.126 Creation of a database security concept
S 2.128 Controlling access to a database system
S 2.129 Controlling access to database information
S 2.130 Ensuring the integrity of a database
S 2.131 Separation of administrative tasks for database systems
S 2.132 Provisions for configuring database users / user groups
S 2.133 Checking the log files of a database system
S 2.134 Guidelines for database queries
S 2.135 Safe transfer of data to a database
S 2.136 Observance of rules concerning workstations and working environments - not to apply
S 2.137 Procurement of a suitable data backup system
S 2.138 Structured data storage
S 2.139 Survey of the existing network environment
S 2.140 Analysis of the existing network environment
S 2.141 Development of a network concept
S 2.142 Development of a network realisation plan
S 2.143 Development of a network management concept
S 2.144 Selection of a suitable network management protocol
S 2.145 Requirements for a network management tool
S 2.146 Secure operation of a network management system
S 2.147 Secure migration of Novell Netware 3.x servers to Novell Netware 4.x networks - not to apply
S 2.148 Secure configuration of Novell Netware 4.x networks - not to apply
S 2.149 Secure operation of Novell Netware 4.x networks - not to apply
S 2.150 Revision of Novell Netware 4.x networks - not to apply
S 2.151 Design of a NDS concept - not to apply
S 2.152 Design of a time synchronisation concept - not to apply
S 2.153 Documentation of Novell Netware 4.x networks - not to apply
S 2.154 Creating a security concept against malware
S 2.155 Identification of IT systems potentially threatened by computer viruses - not to apply
S 2.156 Selection of a suitable computer virus protection strategy - not to apply
S 2.157 Selection of a suitable virus protection program
S 2.158 Reporting infections of malware,
S 2.159 Updating the virus protection programs and signatures
S 2.160 Rules designed for protection against malware
S 2.161 Development of a cryptographic concept
S 2.162 Determining the need to use cryptographic procedures and products
S 2.163 Determining the factors influencing cryptographic procedures and products
S 2.164 Selection of a suitable cryptographic procedure
S 2.165 Selection of a suitable cryptographic method
S 2.166 Provisions governing the use of crypto modules
S 2.167 Selecting suitable methods for deleting or destroying data
S 2.168 IT system analysis before the introduction of a system management system
S 2.169 Developing a system management strategy
S 2.170 Requirements to be met by a system management system
S 2.171 Selection of a suitable system management product
S 2.172 Developing a concept for using the web
S 2.173 Determining a web security strategy
S 2.174 Secure operation of a web server
S 2.175 Setting up a web server
S 2.176 Selection of a suitable Internet service provider
S 2.177 Security during relocation
S 2.178 Drawing up a set of security guidelines for the use of faxes
S 2.179 Procedures controlling the use of fax servers
S 2.180 Setting up a fax mail centre
S 2.181 Selection of a suitable fax server
S 2.182 Regular revision of IT security measures - not to apply
S 2.183 Performing a RAS requirements analysis - not to apply
S 2.184 Development of a RAS concept - not to apply
S 2.185 Selection of a suitable RAS system architecture - not to apply
S 2.186 Selection of a suitable RAS product - not to apply
S 2.187 Definition of a set of RAS security guidelines - not to apply
S 2.188 Security guidelines and rules for the use of mobile phones
S 2.189 Blocking of the mobile phone in the event of its loss
S 2.190 Setting up a mobile phone pool
S 2.191 Documentation of the security process - not to apply
S 2.192 Drawing up a policy for information security
S 2.193 Establishment of a suitable organisational structure for information security
S 2.194 Drawing up a schedule of existing IT systems - not to apply
S 2.195 Creating a security concept
S 2.196 Implementation of the IT security concept in accordance with an implementation plan - not to apply
S 2.197 Drawing up a training concept for IT security
S 2.198 Making staff aware of information security issues
S 2.199 Maintaining information security
S 2.200 Management reports on information security
S 2.201 Documentation of the security process
S 2.202 Preparation of an IT Security Organisational Manual - not to apply
S 2.203 Establishment of a pool of information on IT security - not to apply
S 2.204 Prevention of insecure network access
S 2.205 Transmission and retrieval of personal data
S 2.206 Planning the use of Lotus Notes/Domino
S 2.207 Security concept for Lotus Notes/Domino
S 2.208 Planning of the domains and certificate hierarchy of Lotus Notes - not to apply
S 2.209 Planning the use of Lotus Notes in an Intranet - not to apply
S 2.210 Planning the use of Lotus Notes in an intranet with browser access - not to apply
S 2.211 Planning the use of Lotus Notes in a demilitarised zone - not to apply
S 2.212 Organisational requirements regarding cleaning contractors
S 2.213 Inspection and maintenance of the technical infrastructure
S 2.214 Concept of IT operations
S 2.216 Approval procedure for IT components
S 2.217 Careful classification and handling of information, applications and systems
S 2.218 Procedures regarding the personal transportation of data media and IT components
S 2.219 Continuous documentation of information processing
S 2.220 Guidelines for access control
S 2.222 Regular checking of technical IT security measures - not to apply
S 2.223 Security objectives for the use of standard software
S 2.224 Prevention against malware
S 2.225 Assignment of responsibility for information, applications and IT components
S 2.226 Procedures regarding the use of outside staff
S 2.227 Planning the use of Windows 2000 - not to apply
S 2.228 Drawing up a set of Windows 2000 security guidelines - not to apply
S 2.229 Planning Active Directory
S 2.230 Planning of Active Directory administration
S 2.231 Planning of group policy under Windows
S 2.232 Planning the Windows CA structure in Windows 2000 and higher
S 2.233 Planning the migration from Windows NT to Windows 2000 - not to apply
S 2.234 The design of Internet PCs
S 2.235 Guidelines for the use of Internet PCs
S 2.236 Planning the use of Novell eDirectory
S 2.237 Planning of partitioning and replication in Novell eDirectory
S 2.238 Specification of security guidelines for Novell eDirectory
S 2.239 Planning the use of Novell eDirectory on the Intranet
S 2.240 Planning the use of Novell eDirectory on the Extranet
S 2.241 Procedure for carrying out a teleworkstation requirements analysis
S 2.242 Electronic archiving objectives
S 2.243 Development of an archiving concept
S 2.244 Determination of the technical influencing factors for electronic archiving
S 2.245 Determination of the legal influencing factors for electronic archiving
S 2.246 Determination of the organisational influencing factors for electronic archiving
S 2.247 Planning the use of Exchange and Outlook
S 2.248 Definition of security guidelines for Exchange/Outlook 2000 - not to apply
S 2.249 Planning the migration of Exchange systems
S 2.250 Determining an outsourcing strategy
S 2.251 Specification of the security requirements for outsourcing projects
S 2.252 Choice of a suitable outsourcing service provider
S 2.253 Contractual arrangements with the outsourcing service provider
S 2.254 Creating a security concept for the outsourcing project
S 2.255 Secure migration in outsourcing projects
S 2.256 Planning and maintenance of IT security during ongoing outsourcing operations
S 2.257 Monitoring of the memory resources of archiving media
S 2.258 Consistent indexing of documents during archiving
S 2.259 Introduction of a high-level document management system
S 2.260 Regular auditing of the archiving procedure
S 2.261 Regular market surveys of archive systems
S 2.262 Control of archive system usage
S 2.263 Regular regeneration of archived data resources
S 2.264 Regular regeneration of encrypted data in archiving
S 2.265 Proper use of digital signatures in archiving
S 2.266 Regular replacement of technical archive system components
S 2.267 Planning the use of IIS - not to apply
S 2.268 Definition of a security policy for IIS - not to apply
S 2.269 Planning the use of an Apache web server - not to apply
S 2.270 Planning the use of SSL on the Apache web server - not to apply
S 2.271 Determining a security strategy for web access - not to apply
S 2.272 Setting up a web editorial team
S 2.273 Prompt installation of security-relevant patches and updates
S 2.274 Deputisation arrangements for e-mail
S 2.275 Setting up function-specific e-mail addresses - not to apply
S 2.276 Functional description of a router
S 2.277 Functional description of a switch
S 2.278 Typical operational scenarios in which routers and switches are used
S 2.279 Drawing up a security policy for routers and switches
S 2.280 Criteria for the procurement and selection of suitable routers and switches
S 2.281 Documentation of the system configuration of routers and switches
S 2.282 Regular checking of routers and switches
S 2.283 Software maintenance on routers and switches
S 2.284 Secure withdrawal from operation of routers and switches
S 2.285 Determining standards for z/OS system definitions
S 2.286 Planning and use of zSeries systems
S 2.287 Batch job planning for z/OS systems
S 2.288 Drawing up a security policy for z/OS systems
S 2.289 Use of restrictive z/OS IDs
S 2.291 Security reporting and security audits under z/OS
S 2.292 Monitoring of z/OS systems
S 2.293 Maintenance of zSeries systems
S 2.294 Synchronisation of z/OS passwords and RACF commands
S 2.295 System administration of z/OS systems
S 2.296 Basic factors to consider with z/OS-transaction monitors
S 2.297 Deinstallation of z/OS systems
S 2.298 Administration of Internet domain names
S 2.299 Drawing up a security policy for a security gateway
S 2.300 Secure withdrawal from operation or replacement of components of a security gateway
S 2.301 Outsourcing the security gateway
S 2.302 Security gateways and high availability
S 2.303 Determining a strategy for the use of PDAs
S 2.304 Security policy and rules governing PDA usage
S 2.305 Selection of suitable PDAs
S 2.307 Well-ordered termination of an outsourcing service relationship
S 2.308 Moving out of buildings
S 2.309 Security policies and rules for the use of mobile IT
S 2.310 Appropriate selection of laptops
S 2.311 Planning protective cabinets
S 2.312 Design of an information security training and awareness program
S 2.313 Secure registration with Internet services
S 2.314 Use of high-availability architectures for servers
S 2.315 Planning the use of servers
S 2.316 Defining a security policy for a general server
S 2.317 Criteria for the procurement of servers
S 2.318 Secure installation of an IT system
S 2.320 Orderly withdrawal from operation of servers
S 2.321 Planning the use of client-server networks
S 2.322 Defining a security policy for a client/server network
S 2.323 Orderly withdrawal from operation of clients
S 2.324 Planning the introduction of Windows XP, Vista and Windows 7
S 2.325 Planning the Windows XP, Vista and Windows 7 security policies
S 2.326 Planning the Windows XP, Vista and Windows 7 group policies
S 2.327 Secure remote access under Windows XP, Windows Vista and Windows 7
S 2.328 Use of Windows XP on mobile computers
S 2.329 Introduction of Windows XP SP2
S 2.331 Planning rooms for meetings, events and training
S 2.332 Equipping meeting, event and training rooms
S 2.333 Secure use of meeting, event and training rooms
S 2.334 Selection of an appropriate building
S 2.335 Defining the security objectives and strategy
S 2.336 Acceptance of overall responsibility for information security at the management level
S 2.337 Integrating information security into organisation-wide procedures and processes
S 2.338 Creating target group oriented security policies
S 2.339 Cost-effective use of resources for information security
S 2.340 Consideration of legal framework conditions
S 2.341 Planning the use of SAP
S 2.342 Planning of SAP rights
S 2.343 Protection of SAP systems in a portal scenario
S 2.344 Secure operation of SAP systems on the Internet
S 2.345 Outsourcing of an SAP system
S 2.346 Use of the SAP documentation
S 2.347 Regular security checks of SAP systems
S 2.348 Security aspects relating to the customisation of SAP systems
S 2.349 Secure software development for SAP systems
S 2.350 Withdrawal from operation of SAP systems
S 2.351 Planning the use of storage systems
S 2.352 Drawing up a security policy for NAS systems
S 2.353 Drawing up a security policy for SAN systems
S 2.354 Use of a high availability SAN configuration
S 2.355 Selection of suppliers for a storage system
S 2.356 Contractual arrangements with SAN service providers
S 2.357 Setting up an administration network for storage systems
S 2.358 Documenting the system settings of storage systems
S 2.359 Monitoring and administration of storage systems
S 2.360 Security audits and reporting for storage systems
S 2.361 Deinstallation of storage systems
S 2.362 Selection of a suitable storage system
S 2.363 Protection against SQL injection
S 2.364 Planning of administration for Windows 2003 and higher
S 2.365 Planning of system monitoring under Windows Server 2003
S 2.366 Use of security templates under Windows Server 2003
S 2.367 Use of commands and scripts under Windows Server 2003 and higher
S 2.368 Handling of administrative templates under Windows Server 2003 and higher
S 2.369 Regular security-relevant maintenance of a Windows Server 2003
S 2.370 Administration of access rights under Windows Server 2003 and higher
S 2.371 Regulated deactivation and deletion of unused user accounts
S 2.372 Planning the use of VoIP
S 2.373 Drawing up a security policy for VoIP
S 2.374 Scope of VoIP encryption
S 2.375 Selection of suitable VoIP systems
S 2.376 Separation of data network and VoIP network
S 2.377 Secure withdrawal from operation of VoIP components
S 2.379 Software development by end users
S 2.381 Determining a strategy for the use of WLAN
S 2.382 Drawing up a security policy for the use of WLAN
S 2.383 Selection of a suitable WLAN standard
S 2.384 Selection of suitable crypto-methods for WLAN
S 2.385 Selection of suitable WLAN components
S 2.386 Careful planning of necessary WLAN migration steps
S 2.387 Installation, configuration, and support service for a WLAN by third party
S 2.388 Appropriate key management for WLAN
S 2.389 Secure use of hotspots
S 2.390 Taking WLAN components out of operation
S 2.391 Timely provision of information to the fire safety engineer
S 2.392 Modelling of virtualisation servers and virtual IT systems
S 2.393 Regulations concerning information exchange
S 2.394 Inspection of electrical equipment
S 2.395 Requirements analysis for IT cabling
S 2.396 Specifications for documentation and labelling of IT cabling
S 2.397 Planning the use of printers, copiers, and all-in-one devices
S 2.398 User guidelines for handling printers, copiers, and all-in-one devices
S 2.400 Secure withdrawal from operation of printers, copiers, and all-in-one devices
S 2.401 Handling of mobile data media and devices
S 2.403 Planning the use of directory services
S 2.404 Creating a security concept for directory services
S 2.405 Drawing up a security policy for the use of directory services
S 2.406 Selection of suitable components for directory services
S 2.407 Planning the administration of directory services
S 2.408 Planning the migration of directory services
S 2.409 Planning of partitioning and replication in the directory service
S 2.410 Orderly withdrawal of a directory service from operation
S 2.411 Separation of the administration of services and data of an Active Directory
S 2.412 Authentication protection when using Active Directory
S 2.413 Secure use of DNS for Active Directory
S 2.414 Computer virus protection for domain controllers
S 2.415 Performing a VPN requirements analysis
S 2.416 Planning the use of VPNs
S 2.417 Planning the technical VPN implementation
S 2.418 Drawing up a security policy for the use of VPNs
S 2.419 Selection of suitable VPN products
S 2.420 Selecting a trusted VPN service provider
S 2.421 Planning the patch and change management process
S 2.422 Handling change requests
S 2.423 Specification of responsibilities for patch and change management
S 2.424 Security policy for the use of patch and change management tools
S 2.425 Selection of suitable tools for patch and change management
S 2.426 Integration of patch and change management into the business processes
S 2.427 Co-ordination of change requests
S 2.428 Scalability in patch and change management
S 2.429 Measuring the success of change requests
S 2.430 Security policies and rules for protecting information while travelling
S 2.431 Provisions governing the procedure for deleting or destroying information
S 2.432 Policies for the deletion and destruction of information
S 2.433 Overview of the methods for deleting and destroying data
S 2.434 Purchasing suitable devices for deleting or destroying data
S 2.435 Selecting suitable shredders
S 2.436 Destruction of data media by external service providers
S 2.437 Planning the use of a Samba server
S 2.438 Secure use of external programs on a Samba server
S 2.439 Design and organisation of compliance management
S 2.440 Selection of a suitable Windows Vista and Windows 7 version
S 2.441 Checking software for compatibility with Windows Vista and Windows 7
S 2.442 Use of Windows Vista and Windows 7 on mobile systems
S 2.443 Implementation of Windows Vista SP1
S 2.444 Planning the use of virtual IT systems
S 2.445 Selection of suitable hardware for virtualisation environments
S 2.446 Separation of administrative tasks for virtualisation servers
S 2.447 Secure use of virtual IT systems
S 2.448 Monitoring the function and configuration of virtual infrastructures
S 2.449 Minimum use of console accesses to virtual IT systems
S 2.450 Introduction to DNS basics
S 2.451 Planning the use of DNS
S 2.452 Selection of a suitable DNS server product
S 2.453 Withdrawal from operation of DNS servers
S 2.454 Planning the secure use of groupware systems
S 2.455 Defining a security policy for Groupware
S 2.456 Secure administration of groupware systems
S 2.457 Concept for secure Internet use
S 2.458 Guideline for using the Internet
S 2.459 Overview of Internet services
S 2.460 Regulated use of external services
S 2.461 Planning the secure use of Bluetooth
S 2.462 Selection criteria for the procurement of Bluetooth devices
S 2.463 Use of a central pool of Bluetooth peripheral devices
S 2.464 Drawing up a security policy for the use of terminal servers
S 2.465 Analysis of the required system resources of terminal servers
S 2.466 Migration to a terminal server architecture
S 2.467 Planning regular restart cycles of terminal servers
S 2.468 Licensing software in terminal server environments
S 2.469 Orderly withdrawal from operation of components in a terminal server environment
S 2.470 Procedure for carrying out a requirements analysis for PBX systems
S 2.471 Planning the use of PBX systems
S 2.472 Drawing up a security policy for PBX systems
S 2.473 Selection of PBX service providers
S 2.474 Secure withdrawal from operation of PBX components
S 2.475 Contractual arrangements when appointing an external IT security officer
S 2.476 Concept for secure Internet connection
S 2.477 Planning a virtual infrastructure
S 2.478 Planning the use of Mac OS X
S 2.479 Planning the Mac OS X security policies
S 2.480 Use of the Exchange and Outlook documentations
S 2.481 Planning the use of Exchange for Outlook Anywhere
S 2.482 Regular security checks of Exchange systems
S 2.483 Security aspects relating to the customisation of Exchange systems
S 2.485 Selection of backends for OpenLDAP
S 2.486 Documentation on the architecture of web applications
S 2.487 Development and extension of applications
S 2.489 Planning of system monitoring under Windows Server 2008
S 2.490 Planning the use of virtualisation using Hyper-V
S 2.491 Use of roles and security templates under Windows Server 2008
S 2.492 Integration of the Lotus Notes/Domino environment into the existing security infrastructure
S 2.493 Licence management and licencing aspects regarding procurement for Lotus Notes/Domino
S 2.494 Selection of suitable components for the infrastructure of a Lotus Notes/Domino environment
S 2.495 Disposal of Lotus Notes/Domino components
S 2.496 Orderly withdrawal of a logging server from operation
S 2.497 S 2.497 Creating a security concept for logging
S 2.498 Handling warnings and error messages
S 2.499 Planning the logging procedures
S 2.501 Data protection management
S 2.502 Specification of the responsibilities for data protection
S 2.503 Aspects of a data protection concept
S 2.504 Checking the legal framework and prior checking before processing personal data
S 2.506 Obligation/briefing of staff members for the processing of personal data
S 2.509 Data protection approval
S 2.511 Regulation of commissioned data processing regarding the processing of personal data
S 2.512 Regulation of linkage and usage of data regarding the processing of personal data
S 2.513 Documentation of admissibility regarding data protection
S 2.514 Maintenance of data protection during operation
S 2.515 Deletion/destruction in compliance with data protection