Combo SOPs — Information Technology Management - Essential
📋 Combo SOPs — Information Technology Management (English)
Normative basis: ISO/IEC 27001:2022 · ISO/IEC 27002:2022 · ISO/IEC 20000-1:2018 · ISO/IEC 22301:2019 · ISO 9001:2015 · NIST Cybersecurity Framework · COBIT 2019 · ITIL 4 · GDPR/LGPD · SOC 2
🔐 Information Security (ISO/IEC 27001 / 27002)
#SOP TitlePrimary Reference01Information Security Risk Assessment and TreatmentISO 27001 cl. 6.102Access Control and User Privilege ManagementISO 27002 cl. 5.15–5.1803Password Policy and Authentication ManagementISO 27002 cl. 5.1704Cryptography and Encryption Key ManagementISO 27002 cl. 8.2405Physical and Environmental Security of IT AssetsISO 27002 cl. 7.1–7.1306Security Incident Detection, Response and ReportingISO 27001 cl. A.5.24–5.2807Vulnerability Management and Patch ControlISO 27002 cl. 8.808Supplier and Third-Party Security ManagementISO 27002 cl. 5.19–5.2209Data Classification and LabelingISO 27002 cl. 5.12–5.1310Clear Desk, Clear Screen and Removable Media PolicyISO 27002 cl. 7.7–7.10
🖥️ IT Service Management (ISO/IEC 20000-1 / ITIL 4)
#SOP TitlePrimary Reference11Incident Management and Service Desk OperationISO 20000-1 cl. 8.6.1 / ITIL12Problem Management and Root Cause AnalysisISO 20000-1 cl. 8.6.213Change Management and Change Advisory Board (CAB)ISO 20000-1 cl. 8.514Configuration Management and CMDB ControlISO 20000-1 cl. 8.2.415Service Level Management and SLA ReviewISO 20000-1 cl. 8.316Release and Deployment ManagementISO 20000-1 cl. 8.5.317Capacity and Performance ManagementISO 20000-1 cl. 8.4.218Availability and Service Continuity ManagementISO 20000-1 cl. 8.7
🔄 IT Operations and Infrastructure
#SOP TitlePrimary Reference19Backup and Data Recovery ProceduresISO 27002 cl. 8.13 / ISO 2230120Network Monitoring and Log ManagementISO 27002 cl. 8.15–8.16