iso27001-2022.yaml

urn: urn:intuitem:risk:library:iso27001-2022
locale: en
ref_id: ISO/IEC 27001:2022
name: International standard ISO/IEC 27001:2022
description: "Information security, cybersecurity and privacy protection \u2014 Information\
  \ security management systems \u2014 Requirements"
copyright: See https://www.iso.org/standard/27001
version: 7
provider: ISO/IEC
packager: intuitem
translations:
  fr:
    name: Norme internationale ISO/IEC 27001:2022
    description: "S\xE9curit\xE9 de l'information, cybers\xE9curit\xE9 et protection\
      \ de la vie priv\xE9e \u2014 Information syst\xE8me de management de la s\xE9\
      curit\xE9 \u2014 Exigences"
    copyright: Voir https://www.iso.org/standard/27001
dependencies:
- urn:intuitem:risk:library:doc-pol
objects:
  reference_controls:
  - urn: urn:intuitem:risk:function:doc-pol:a.5.1
    ref_id: A.5.1
    name: Policies for information security
    category: policy
    description: This control establishes and maintains information security policies
      aligned with organizational objectives. Measures include defining scope, setting
      goals, and ensuring alignment with compliance requirements.
    translations:
      fr:
        name: "Politiques de s\xE9curit\xE9 de l'information"
        description: "Cette mesure de s\xE9curit\xE9 \xE9tablit et maintient des politiques\
          \ de s\xE9curit\xE9 de l'information align\xE9es sur les objectifs organisationnels.\
          \ Les mesures incluent la d\xE9finition de la port\xE9e, la fixation des\
          \ objectifs et l'alignement avec les exigences de conformit\xE9."
  - urn: urn:intuitem:risk:function:doc-pol:a.5.2
    ref_id: A.5.2
    name: Information security roles and responsibilities
    category: process
    description: This control defines and assigns roles and responsibilities for information
      security to ensure accountability. Measures include clear documentation of responsibilities,
      periodic reviews, and enforcement mechanisms.
    translations:
      fr:
        name: "Fonctions et responsabilit\xE9s li\xE9es \xE0 la s\xE9curit\xE9 de\
          \ l'information"
        description: "Cette mesure de s\xE9curit\xE9 d\xE9finit et attribue des r\xF4\
          les et responsabilit\xE9s en mati\xE8re de s\xE9curit\xE9 de l'information\
          \ pour garantir la responsabilit\xE9. Les mesures incluent une documentation\
          \ claire des responsabilit\xE9s, des revues p\xE9riodiques et des m\xE9\
          canismes d'application."
  - urn: urn:intuitem:risk:function:doc-pol:a.5.3
    ref_id: A.5.3
    name: Segregation of duties
    category: process
    description: This control ensures segregation of duties to reduce the risk of
      errors, fraud, and unauthorized access. Measures include role separation, access
      restrictions, and regular audits.
    translations:
      fr:
        name: "S\xE9paration des t\xE2ches"
        description: "Cette mesure de s\xE9curit\xE9 garantit la s\xE9paration des\
          \ t\xE2ches pour r\xE9duire le risque d'erreurs, de fraude et d'acc\xE8\
          s non autoris\xE9. Les mesures incluent la s\xE9paration des r\xF4les, des\
          \ restrictions d'acc\xE8s et des audits r\xE9guliers."
  - urn: urn:intuitem:risk:function:doc-pol:a.5.4
    ref_id: A.5.4
    name: Management responsibilities
    category: process
    description: This control ensures management responsibilities for information
      security are clearly defined and implemented. Measures include setting objectives,
      allocating resources, and overseeing compliance.
    translations:
      fr:
        name: "Responsabilit\xE9s de la direction"
        description: "Cette mesure de s\xE9curit\xE9 garantit que les responsabilit\xE9\
          s de gestion en mati\xE8re de s\xE9curit\xE9 de l'information sont clairement\
          \ d\xE9finies et mises en \u0153uvre. Les mesures incluent la fixation d'objectifs,\
          \ l'allocation de ressources et la supervision de la conformit\xE9."
  - urn: urn:intuitem:risk:function:doc-pol:a.5.5
    ref_id: A.5.5
    name: Contact with authorities
    category: process
    description: This control ensures timely communication with relevant authorities
      during information security incidents. Measures include establishing contact
      protocols, maintaining updated contact lists, and assigning responsibilities.
    translations:
      fr:
        name: "Contact avec les autorit\xE9s"
        description: "Cette mesure de s\xE9curit\xE9 garantit une communication rapide\
          \ avec les autorit\xE9s comp\xE9tentes en cas d'incidents de s\xE9curit\xE9\
          \ de l'information. Les mesures incluent des protocoles de contact, des\
          \ listes de contacts \xE0 jour et l'attribution de responsabilit\xE9s."
  - urn: urn:intuitem:risk:function:doc-pol:a.5.6
    ref_id: A.5.6
    name: Contact with special interest groups
    category: process
    description: This control facilitates contact with special interest groups to
      stay informed about security trends and practices. Measures include participation
      in forums, memberships, and collaborative initiatives.
    translations:
      fr:
        name: "Contact avec des groupes d'int\xE9r\xEAt sp\xE9cifiques"
        description: "Cette mesure de s\xE9curit\xE9 facilite le contact avec des\
          \ groupes d'int\xE9r\xEAt pour rester inform\xE9 des tendances et pratiques\
          \ en mati\xE8re de s\xE9curit\xE9. Les mesures incluent la participation\
          \ \xE0 des forums, des adh\xE9sions et des initiatives collaboratives."
  - urn: urn:intuitem:risk:function:doc-pol:a.5.7
    ref_id: A.5.7
    name: Threat intelligence
    category: process
    description: This control ensures threat intelligence is developed and maintained
      to identify and mitigate security risks. Measures include monitoring threat
      feeds, analyzing trends, and sharing actionable insights.
    translations:
      fr:
        name: Renseignements sur les menaces
        description: "Cette mesure de s\xE9curit\xE9 garantit que des renseignements\
          \ sur les menaces sont d\xE9velopp\xE9s et maintenus pour identifier et\
          \ att\xE9nuer les risques de s\xE9curit\xE9. Les mesures incluent le suivi\
          \ des flux de menaces, l'analyse des tendances et le partage d'informations\
          \ exploitables."
  - urn: urn:intuitem:risk:function:doc-pol:a.5.8
    ref_id: A.5.8
    name: Information security in project management
    category: process
    description: This control incorporates information security into project management
      practices. Measures include risk assessments, compliance reviews, and security
      checkpoints during project lifecycles.
    translations:
      fr:
        name: "S\xE9curit\xE9 de l'information dans la gestion de projet"
        description: "Cette mesure de s\xE9curit\xE9 int\xE8gre la s\xE9curit\xE9\
          \ de l'information dans les pratiques de gestion de projet. Les mesures\
          \ incluent les \xE9valuations des risques, les revues de conformit\xE9 et\
          \ les points de contr\xF4le de s\xE9curit\xE9 tout au long du cycle de vie\
          \ du projet."
  - urn: urn:intuitem:risk:function:doc-pol:a.5.9
    ref_id: A.5.9
    name: Inventory of information and other associated assets
    category: process
    description: This control ensures an accurate inventory of information and associated
      assets is maintained. Measures include asset tracking, periodic audits, and
      classification by sensitivity.
    translations:
      fr:
        name: "Inventaire des informations et autres actifs associ\xE9s"
        description: "Cette mesure de s\xE9curit\xE9 garantit qu\u2019un inventaire\
          \ pr\xE9cis des informations et des actifs associ\xE9s est maintenu. Les\
          \ mesures incluent le suivi des actifs, des audits p\xE9riodiques et une\
          \ classification par sensibilit\xE9."
  - urn: urn:intuitem:risk:function:doc-pol:a.5.10
    ref_id: A.5.10
    name: Acceptable use of information and other associated assets
    category: process
    description: This control defines acceptable use of information and associated
      assets to ensure proper handling. Measures include documented policies, user
      training, and enforcement mechanisms.
    translations:
      fr:
        name: "Utilisation correcte des informations et autres actifs associ\xE9s"
        description: "Cette mesure de s\xE9curit\xE9 d\xE9finit les r\xE8gles d'utilisation\
          \ acceptable des informations et des actifs associ\xE9s pour assurer une\
          \ manipulation appropri\xE9e. Les mesures incluent des politiques document\xE9\
          es, la formation des utilisateurs et des m\xE9canismes d'application."
  - urn: urn:intuitem:risk:function:doc-pol:a.5.11
    ref_id: A.5.11
    name: Return of assets
    category: process
    description: This control ensures the secure return of assets when employees or
      contractors leave or change roles. Measures include checklists, asset tracking,
      and decommissioning protocols.
    translations:
      fr:
        name: Restitution des actifs
        description: "Cette mesure de s\xE9curit\xE9 garantit le retour s\xE9curis\xE9\
          \ des actifs lorsque des employ\xE9s ou des sous-traitants quittent ou changent\
          \ de r\xF4le. Les mesures incluent des listes de contr\xF4le, le suivi des\
          \ actifs et des protocoles de d\xE9sactivation."
  - urn: urn:intuitem:risk:function:doc-pol:a.5.12
    ref_id: A.5.12
    name: Classification of information
    category: process
    description: This control ensures information is classified based on its sensitivity
      and value to ensure appropriate protection. Measures include classification
      schemes, access restrictions, and labeling guidelines.
    translations:
      fr:
        name: Classification des informations
        description: "Cette mesure de s\xE9curit\xE9 garantit que les informations\
          \ sont class\xE9es en fonction de leur sensibilit\xE9 et de leur valeur\
          \ pour assurer une protection ad\xE9quate. Les mesures incluent des sch\xE9\
          mas de classification, des restrictions d'acc\xE8s et des directives d'\xE9\
          tiquetage."
  - urn: urn:intuitem:risk:function:doc-pol:a.5.13
    ref_id: A.5.13
    name: Labelling of information
    category: process
    description: This control ensures consistent labeling of information to reflect
      its classification and handling requirements. Measures include standardized
      templates, training, and audits.
    translations:
      fr:
        name: Marquage des informations
        description: "Cette mesure de s\xE9curit\xE9 garantit un \xE9tiquetage coh\xE9\
          rent des informations pour refl\xE9ter leur classification et leurs exigences\
          \ de traitement. Les mesures incluent des mod\xE8les standardis\xE9s, des\
          \ formations et des audits."
  - urn: urn:intuitem:risk:function:doc-pol:a.5.14
    ref_id: A.5.14
    name: Information transfer
    category: process
    description: This control establishes secure processes for transferring information
      between systems or organizations. Measures include encryption, access controls,
      and secure transfer protocols.
    translations:
      fr:
        name: Transfert des informations
        description: "Cette mesure de s\xE9curit\xE9 \xE9tablit des processus s\xE9\
          curis\xE9s pour le transfert d'informations entre syst\xE8mes ou organisations.\
          \ Les mesures incluent le chiffrement, les contr\xF4les d'acc\xE8s et les\
          \ protocoles de transfert s\xE9curis\xE9s."
  - urn: urn:intuitem:risk:function:doc-pol:a.5.15
    ref_id: A.5.15
    name: Access control
    category: process
    description: This control implements and maintains access control mechanisms to
      restrict access to authorized individuals. Measures include role-based access,
      multi-factor authentication, and periodic reviews.
    translations:
      fr:
        name: "Contr\xF4le d'acc\xE8s"
        description: "Cette mesure de s\xE9curit\xE9 met en \u0153uvre et maintient\
          \ des m\xE9canismes de contr\xF4le d'acc\xE8s pour limiter l'acc\xE8s aux\
          \ individus autoris\xE9s. Les mesures incluent des contr\xF4les bas\xE9\
          s sur les r\xF4les, l'authentification multifacteur et des revues p\xE9\
          riodiques."
  - urn: urn:intuitem:risk:function:doc-pol:a.5.16
    ref_id: A.5.16
    name: Identity management
    category: process
    description: This control ensures identities are managed securely to guarantee
      accurate and reliable access to systems. Measures include identity verification,
      lifecycle management, and access provisioning.
    translations:
      fr:
        name: "Gestion des identit\xE9s"
        description: "Cette mesure de s\xE9curit\xE9 garantit que les identit\xE9\
          s sont g\xE9r\xE9es de mani\xE8re s\xE9curis\xE9e pour garantir un acc\xE8\
          s pr\xE9cis et fiable aux syst\xE8mes. Les mesures incluent la v\xE9rification\
          \ d'identit\xE9, la gestion du cycle de vie et l'approvisionnement des acc\xE8\
          s."
  - urn: urn:intuitem:risk:function:doc-pol:a.5.17
    ref_id: A.5.17
    name: Authentication information
    category: process
    description: This control protects authentication information, such as passwords,
      to prevent unauthorized access. Measures include encryption, secure storage,
      and periodic password updates.
    translations:
      fr:
        name: Informations d'authentification
        description: "Cette mesure de s\xE9curit\xE9 prot\xE8ge les informations d'authentification,\
          \ telles que les mots de passe, pour emp\xEAcher tout acc\xE8s non autoris\xE9\
          . Les mesures incluent le chiffrement, le stockage s\xE9curis\xE9 et les\
          \ mises \xE0 jour p\xE9riodiques des mots de passe."
  - urn: urn:intuitem:risk:function:doc-pol:a.5.18
    ref_id: A.5.18
    name: Access rights
    category: process
    description: This control ensures access rights are regularly reviewed and managed
      to align with roles and responsibilities. Measures include periodic audits,
      access revocation, and automated access management.
    translations:
      fr:
        name: "Droits d'acc\xE8s"
        description: "Cette mesure de s\xE9curit\xE9 garantit que les droits d'acc\xE8\
          s sont r\xE9guli\xE8rement revus et g\xE9r\xE9s pour s'aligner sur les r\xF4\
          les et responsabilit\xE9s. Les mesures incluent des audits p\xE9riodiques,\
          \ la r\xE9vocation des acc\xE8s et la gestion automatis\xE9e des acc\xE8\
          s."
  - urn: urn:intuitem:risk:function:doc-pol:a.5.19
    ref_id: A.5.19
    name: Information security in supplier relationships
    category: process
    description: This control ensures information security is embedded in supplier
      relationships and processes. Measures include due diligence, security reviews,
      and ongoing monitoring.
    translations:
      fr:
        name: "S\xE9curit\xE9 de l'information dans les relations avec les fournisseurs"
        description: "Cette mesure de s\xE9curit\xE9 garantit que la s\xE9curit\xE9\
          \ de l'information est int\xE9gr\xE9e dans les relations et processus avec\
          \ les fournisseurs. Les mesures incluent la diligence raisonnable, les revues\
          \ de s\xE9curit\xE9 et la surveillance continue."
  - urn: urn:intuitem:risk:function:doc-pol:a.5.20
    ref_id: A.5.20
    name: Addressing information security within supplier agreements
    category: process
    description: This control addresses information security requirements within supplier
      agreements. Measures include explicit contract clauses, compliance audits, and
      defined penalties for violations.
    translations:
      fr:
        name: "La s\xE9curit\xE9 de l'information dans les accords conclus avec les\
          \ fournisseurs"
        description: "Cette mesure de s\xE9curit\xE9 aborde les exigences de s\xE9\
          curit\xE9 de l'information dans les accords avec les fournisseurs. Les mesures\
          \ incluent des clauses contractuelles explicites, des audits de conformit\xE9\
          \ et des p\xE9nalit\xE9s d\xE9finies pour les violations."
  - urn: urn:intuitem:risk:function:doc-pol:a.5.21
    ref_id: A.5.21
    name: Managing information security in the ICT supply chain
    category: process
    description: This control manages information security risks in the ICT supply
      chain to ensure security of services and components. Measures include risk assessments,
      supplier evaluations, and incident response protocols.
    translations:
      fr:
        name: "Gestion de la s\xE9curit\xE9 de l'information dans la cha\xEEne d'approvisionnement\
          \ des technologies de l'information et de la communication (TIC)"
        description: "Cette mesure de s\xE9curit\xE9 g\xE8re les risques de s\xE9\
          curit\xE9 de l'information dans la cha\xEEne d'approvisionnement TIC pour\
          \ garantir la s\xE9curit\xE9 des services et des composants. Les mesures\
          \ incluent des \xE9valuations des risques, des \xE9valuations des fournisseurs\
          \ et des protocoles de r\xE9ponse aux incidents."
  - urn: urn:intuitem:risk:function:doc-pol:a.5.22
    ref_id: A.5.22
    name: Monitor, review and change management of supplier services
    category: process
    description: This control ensures supplier services are monitored, reviewed, and
      adjusted to maintain information security. Measures include service level agreements,
      periodic reviews, and contract updates.
    translations:
      fr:
        name: "Surveillance, r\xE9vision et gestion des changements des services fournisseurs"
        description: "Cette mesure de s\xE9curit\xE9 garantit que les services des\
          \ fournisseurs sont surveill\xE9s, revus et ajust\xE9s pour maintenir la\
          \ s\xE9curit\xE9 de l'information. Les mesures incluent des accords de niveau\
          \ de service, des revues p\xE9riodiques et des mises \xE0 jour contractuelles."
  - urn: urn:intuitem:risk:function:doc-pol:a.5.23
    ref_id: A.5.23
    name: Information security for use of cloud services
    category: process
    description: This control ensures the secure use of cloud services by addressing
      associated risks. Measures include data encryption, access controls, and provider
      compliance reviews.
    translations:
      fr:
        name: "S\xE9curit\xE9 de l'information dans l'utilisation de services en nuage"
        description: "Cette mesure de s\xE9curit\xE9 garantit l'utilisation s\xE9\
          curis\xE9e des services cloud en abordant les risques associ\xE9s. Les mesures\
          \ incluent le chiffrement des donn\xE9es, les contr\xF4les d'acc\xE8s et\
          \ les revues de conformit\xE9 des fournisseurs."
  - urn: urn:intuitem:risk:function:doc-pol:a.5.24
    ref_id: A.5.24
    name: Information security incident management planning and preparation
    category: process
    description: This control ensures proper planning and preparation for managing
      information security incidents. Measures include incident response plans, training
      exercises, and communication protocols.
    translations:
      fr:
        name: "Planification et pr\xE9paration de la gestion des incidents de s\xE9\
          curit\xE9 de l'information"
        description: "Cette mesure de s\xE9curit\xE9 garantit une planification et\
          \ une pr\xE9paration ad\xE9quates pour la gestion des incidents de s\xE9\
          curit\xE9 de l'information. Les mesures incluent des plans de r\xE9ponse\
          \ aux incidents, des exercices de formation et des protocoles de communication."
  - urn: urn:intuitem:risk:function:doc-pol:a.5.25
    ref_id: A.5.25
    name: Assessment and decision on information security events
    category: process
    description: This control establishes processes for assessing and deciding on
      actions related to information security events. Measures include root cause
      analysis, risk evaluation, and mitigation plans.
    translations:
      fr:
        name: "\xC9valuation des \xE9v\xE9nements de s\xE9curit\xE9 de l'information\
          \ et prise de d\xE9cision"
        description: "Cette mesure de s\xE9curit\xE9 \xE9tablit des processus pour\
          \ \xE9valuer et d\xE9cider des actions li\xE9es aux \xE9v\xE9nements de\
          \ s\xE9curit\xE9 de l'information. Les mesures incluent l'analyse des causes\
          \ profondes, l'\xE9valuation des risques et des plans d'att\xE9nuation."
  - urn: urn:intuitem:risk:function:doc-pol:a.5.26
    ref_id: A.5.26
    name: Response to information security incidents
    category: process
    description: This control ensures effective response to information security incidents
      to minimize impact and recover quickly. Measures include incident reporting,
      escalation protocols, and containment strategies.
    translations:
      fr:
        name: "R\xE9ponse aux incidents de s\xE9curit\xE9 de l'information"
        description: "Cette mesure de s\xE9curit\xE9 garantit une r\xE9ponse efficace\
          \ aux incidents de s\xE9curit\xE9 de l'information pour minimiser l'impact\
          \ et r\xE9cup\xE9rer rapidement. Les mesures incluent le signalement des\
          \ incidents, des protocoles d'escalade et des strat\xE9gies de confinement."
  - urn: urn:intuitem:risk:function:doc-pol:a.5.27
    ref_id: A.5.27
    name: Learning from information security incidents
    category: process
    description: This control ensures lessons learned from information security incidents
      are documented and implemented to improve processes. Measures include post-incident
      reviews, action plans, and policy updates.
    translations:
      fr:
        name: "Tirer des enseignements des incidents de s\xE9curit\xE9 de l'information"
        description: "Cette mesure de s\xE9curit\xE9 garantit que les le\xE7ons tir\xE9\
          es des incidents de s\xE9curit\xE9 de l'information sont document\xE9es\
          \ et mises en \u0153uvre pour am\xE9liorer les processus. Les mesures incluent\
          \ des revues post-incidents, des plans d'action et des mises \xE0 jour des\
          \ politiques."
  - urn: urn:intuitem:risk:function:doc-pol:a.5.28
    ref_id: A.5.28
    name: Collection of evidence
    category: process
    description: This control ensures evidence is collected and preserved during security
      incidents to support investigations. Measures include chain-of-custody procedures,
      secure storage, and access controls.
    translations:
      fr:
        name: Collecte de preuves
        description: "Cette mesure de s\xE9curit\xE9 garantit que les preuves sont\
          \ collect\xE9es et conserv\xE9es lors des incidents de s\xE9curit\xE9 pour\
          \ soutenir les enqu\xEAtes. Les mesures incluent des proc\xE9dures de cha\xEE\
          ne de conservation, le stockage s\xE9curis\xE9 et les contr\xF4les d'acc\xE8\
          s."
  - urn: urn:intuitem:risk:function:doc-pol:a.5.29
    ref_id: A.5.29
    name: Information security during disruption
    category: process
    description: This control ensures information security is maintained during disruptions
      to guarantee continuity of operations. Measures include contingency plans, backup
      systems, and failover mechanisms.
    translations:
      fr:
        name: "S\xE9curit\xE9 de l'information pendant une perturbation"
        description: "Cette mesure de s\xE9curit\xE9 garantit que la s\xE9curit\xE9\
          \ de l'information est maintenue pendant les perturbations pour assurer\
          \ la continuit\xE9 des op\xE9rations. Les mesures incluent des plans de\
          \ contingence, des syst\xE8mes de sauvegarde et des m\xE9canismes de basculement."
  - urn: urn:intuitem:risk:function:doc-pol:a.5.30
    ref_id: A.5.30
    name: ICT readiness for business continuity
    category: process
    description: This control ensures ICT readiness for business continuity to minimize
      downtime during disruptions. Measures include testing recovery plans, redundant
      systems, and disaster recovery sites.
    translations:
      fr:
        name: "Pr\xE9paration des TIC la continuit\xE9 d'activit\xE9"
        description: "Cette mesure de s\xE9curit\xE9 garantit la pr\xE9paration TIC\
          \ pour la continuit\xE9 des activit\xE9s afin de minimiser les temps d'arr\xEA\
          t pendant les perturbations. Les mesures incluent des tests de plans de\
          \ reprise, des syst\xE8mes redondants et des sites de reprise apr\xE8s sinistre."
  - urn: urn:intuitem:risk:function:doc-pol:a.5.31
    ref_id: A.5.31
    name: Legal, statutory, regulatory and contractual requirements
    category: process
    description: This control ensures compliance with legal, statutory, regulatory,
      and contractual information security requirements. Measures include policy reviews,
      audits, and evidence documentation.
    translations:
      fr:
        name: "Exigences l\xE9gales, statutaires, r\xE9glementaires et contractuelles"
        description: "Cette mesure de s\xE9curit\xE9 garantit la conformit\xE9 aux\
          \ exigences l\xE9gales, r\xE9glementaires et contractuelles en mati\xE8\
          re de s\xE9curit\xE9 de l'information. Les mesures incluent des revues de\
          \ politiques, des audits et la documentation des preuves."
  - urn: urn:intuitem:risk:function:doc-pol:a.5.32
    ref_id: A.5.32
    name: ' Intellectual property rights'
    category: process
    description: This control ensures intellectual property rights are protected through
      appropriate information security measures. Measures include access restrictions,
      encryption, and legal agreements.
    translations:
      fr:
        name: " Droits de propri\xE9t\xE9 intellectuelle"
        description: "Cette mesure de s\xE9curit\xE9 garantit la protection des droits\
          \ de propri\xE9t\xE9 intellectuelle par des mesures de s\xE9curit\xE9 de\
          \ l'information appropri\xE9es. Les mesures incluent des restrictions d'acc\xE8\
          s, le chiffrement et des accords l\xE9gaux."
  - urn: urn:intuitem:risk:function:doc-pol:a.5.33
    ref_id: A.5.33
    name: Protection of records
    category: process
    description: This control ensures records are securely stored and protected to
      prevent loss or unauthorized access. Measures include retention policies, secure
      storage, and access controls.
    translations:
      fr:
        name: Protection des enregistrements
        description: "Cette mesure de s\xE9curit\xE9 garantit que les enregistrements\
          \ sont stock\xE9s et prot\xE9g\xE9s de mani\xE8re s\xE9curis\xE9e pour pr\xE9\
          venir toute perte ou acc\xE8s non autoris\xE9. Les mesures incluent des\
          \ politiques de r\xE9tention, un stockage s\xE9curis\xE9 et des contr\xF4\
          les d'acc\xE8s."
  - urn: urn:intuitem:risk:function:doc-pol:a.5.34
    ref_id: A.5.34
    name: Privacy and protection of PII
    category: process
    description: This control protects privacy and ensures the secure handling of
      personally identifiable information (PII). Measures include anonymization, encryption,
      and compliance with privacy laws.
    translations:
      fr:
        name: "Protection de la vie priv\xE9e et des donn\xE9es \xE0 caract\xE8re\
          \ personnel (DCP)"
        description: "Cette mesure de s\xE9curit\xE9 prot\xE8ge la confidentialit\xE9\
          \ et garantit le traitement s\xE9curis\xE9 des informations personnellement\
          \ identifiables (PII). Les mesures incluent l'anonymisation, le chiffrement\
          \ et la conformit\xE9 aux lois sur la confidentialit\xE9."
  - urn: urn:intuitem:risk:function:doc-pol:a.5.35
    ref_id: A.5.35
    name: Independent review of information security
    category: process
    description: This control ensures independent reviews of information security
      to evaluate effectiveness and compliance. Measures include external audits,
      risk assessments, and follow-up actions.
    translations:
      fr:
        name: "R\xE9vision ind\xE9pendante de la s\xE9curit\xE9 de l'information"
        description: "Cette mesure de s\xE9curit\xE9 garantit des revues ind\xE9pendantes\
          \ de la s\xE9curit\xE9 de l'information pour \xE9valuer l'efficacit\xE9\
          \ et la conformit\xE9. Les mesures incluent des audits externes, des \xE9\
          valuations des risques et des actions de suivi."
  - urn: urn:intuitem:risk:function:doc-pol:a.5.36
    ref_id: A.5.36
    name: Compliance with policies, rules and standards for information security
    category: process
    description: This control ensures compliance with all policies, rules, and standards
      for information security. Measures include regular training, policy reviews,
      and enforcement mechanisms.
    translations:
      fr:
        name: "Conformit\xE9 aux politiques, r\xE8gles et normes de s\xE9curit\xE9\
          \ de l'information"
        description: "Cette mesure de s\xE9curit\xE9 garantit la conformit\xE9 \xE0\
          \ toutes les politiques, r\xE8gles et normes en mati\xE8re de s\xE9curit\xE9\
          \ de l'information. Les mesures incluent des formations r\xE9guli\xE8res,\
          \ des revues de politiques et des m\xE9canismes d'application."
  - urn: urn:intuitem:risk:function:doc-pol:a.5.37
    ref_id: A.5.37
    name: Documented operating procedures
    category: process
    description: This control develops and maintains documented operating procedures
      to ensure consistency in security practices. Measures include process documentation,
      version control, and accessibility.
    translations:
      fr:
        name: "Proc\xE9dures d'exploitation document\xE9es"
        description: "Cette mesure de s\xE9curit\xE9 d\xE9veloppe et maintient des\
          \ proc\xE9dures op\xE9rationnelles document\xE9es pour garantir la coh\xE9\
          rence des pratiques de s\xE9curit\xE9. Les mesures incluent la documentation\
          \ des processus, le contr\xF4le des versions et l'accessibilit\xE9."
  - urn: urn:intuitem:risk:function:doc-pol:a.6.1
    ref_id: A.6.1
    name: Screening
    category: process
    description: This control ensures the implementation of screening processes to
      verify the suitability of candidates before employment. Measures include background
      checks, identity verification, and assessment of qualifications to reduce security
      risks.
    translations:
      fr:
        name: "S\xE9lection des candidats"
        description: "Cette mesure de s\xE9curit\xE9 garantit la mise en \u0153uvre\
          \ de processus de v\xE9rification pour \xE9valuer l'ad\xE9quation des candidats\
          \ avant leur embauche. Les mesures incluent des v\xE9rifications des ant\xE9\
          c\xE9dents, la v\xE9rification d'identit\xE9 et l'\xE9valuation des qualifications\
          \ pour r\xE9duire les risques de s\xE9curit\xE9."
  - urn: urn:intuitem:risk:function:doc-pol:a.6.2
    ref_id: A.6.2
    name: Terms and conditions of employment
    category: process
    description: This control ensures that terms and conditions of employment include
      information security responsibilities. Measures include explicit clauses about
      confidentiality, compliance with policies, and consequences for breaches.
    translations:
      fr:
        name: Termes et conditions du contrat de travail
        description: "Cette mesure de s\xE9curit\xE9 garantit que les termes et conditions\
          \ d'emploi incluent des responsabilit\xE9s en mati\xE8re de s\xE9curit\xE9\
          \ de l'information. Les mesures incluent des clauses explicites sur la confidentialit\xE9\
          , le respect des politiques et les cons\xE9quences des violations."
  - urn: urn:intuitem:risk:function:doc-pol:a.6.3
    ref_id: A.6.3
    name: Information security awareness, education and training
    category: process
    description: This control ensures that employees receive regular information security
      awareness, education, and training. Measures include scheduled training sessions,
      e-learning programs, and simulated phishing exercises.
    translations:
      fr:
        name: "Sensibilisation, enseignement et formation en s\xE9curit\xE9 de l'information"
        description: "Cette mesure de s\xE9curit\xE9 garantit que les employ\xE9s\
          \ re\xE7oivent une sensibilisation, une \xE9ducation et une formation r\xE9\
          guli\xE8res en mati\xE8re de s\xE9curit\xE9 de l'information. Les mesures\
          \ incluent des sessions de formation planifi\xE9es, des programmes d'apprentissage\
          \ en ligne et des exercices de phishing simul\xE9s."
  - urn: urn:intuitem:risk:function:doc-pol:a.6.4
    ref_id: A.6.4
    name: Disciplinary process
    category: process
    description: This control establishes a disciplinary process to address breaches
      of information security policies. Measures include clear guidelines, escalation
      procedures, and consistent enforcement to maintain accountability.
    translations:
      fr:
        name: "Proc\xE9dure disciplinaire"
        description: "Cette mesure de s\xE9curit\xE9 \xE9tablit un processus disciplinaire\
          \ pour traiter les violations des politiques de s\xE9curit\xE9 de l'information.\
          \ Les mesures incluent des lignes directrices claires, des proc\xE9dures\
          \ d'escalade et une application coh\xE9rente pour maintenir la responsabilit\xE9\
          ."
  - urn: urn:intuitem:risk:function:doc-pol:a.6.5
    ref_id: A.6.5
    name: Responsibilities after termination or change of employment
    category: process
    description: This control ensures that responsibilities related to information
      security are defined and enforced after termination or role changes. Measures
      include revoking access rights, collecting organizational assets, and conducting
      exit interviews.
    translations:
      fr:
        name: "Responsabilit\xE9s apr\xE8s la fin ou le changement d'emploi"
        description: "Cette mesure de s\xE9curit\xE9 garantit que les responsabilit\xE9\
          s li\xE9es \xE0 la s\xE9curit\xE9 de l'information sont d\xE9finies et appliqu\xE9\
          es apr\xE8s la fin d\u2019un contrat ou un changement de r\xF4le. Les mesures\
          \ incluent la r\xE9vocation des droits d'acc\xE8s, la r\xE9cup\xE9ration\
          \ des actifs de l'organisation et la r\xE9alisation d'entretiens de sortie."
  - urn: urn:intuitem:risk:function:doc-pol:a.6.6
    ref_id: A.6.6
    name: Confidentiality or non-disclosure agreements
    category: process
    description: This control implements confidentiality or non-disclosure agreements
      to protect sensitive information. Measures include signed agreements at the
      start of employment, periodic reminders, and enforcement of legal actions in
      case of violations.
    translations:
      fr:
        name: "Accords de confidentialit\xE9 ou de non-divulgation"
        description: "Cette mesure de s\xE9curit\xE9 met en \u0153uvre des accords\
          \ de confidentialit\xE9 ou de non-divulgation pour prot\xE9ger les informations\
          \ sensibles. Les mesures incluent des accords sign\xE9s au d\xE9but de l'emploi,\
          \ des rappels p\xE9riodiques et l'application d'actions l\xE9gales en cas\
          \ de violations."
  - urn: urn:intuitem:risk:function:doc-pol:a.6.7
    ref_id: A.6.7
    name: Remote working
    category: process
    description: This control ensures the secure management of information security
      risks during remote working. Measures include secure access to corporate systems,
      mandatory use of VPNs, and policies for handling sensitive data remotely.
    translations:
      fr:
        name: "Travail \xE0 distance"
        description: "Cette mesure de s\xE9curit\xE9 garantit la gestion s\xE9curis\xE9\
          e des risques li\xE9s \xE0 la s\xE9curit\xE9 de l'information pendant le\
          \ t\xE9l\xE9travail. Les mesures incluent un acc\xE8s s\xE9curis\xE9 aux\
          \ syst\xE8mes de l'entreprise, l'utilisation obligatoire de VPN et des politiques\
          \ pour la gestion des donn\xE9es sensibles \xE0 distance."
  - urn: urn:intuitem:risk:function:doc-pol:a.6.8
    ref_id: A.6.8
    name: Information security event reporting
    category: process
    description: This control ensures employees can promptly report information security
      events. Measures include incident reporting channels, awareness campaigns, and
      follow-up procedures to investigate and address reported events.
    translations:
      fr:
        name: "D\xE9claration des \xE9v\xE9nements de s\xE9curit\xE9 de l'information"
        description: "Cette mesure de s\xE9curit\xE9 garantit que les employ\xE9s\
          \ peuvent signaler rapidement les \xE9v\xE9nements de s\xE9curit\xE9 de\
          \ l'information. Les mesures incluent des canaux de signalement d'incidents,\
          \ des campagnes de sensibilisation et des proc\xE9dures de suivi pour enqu\xEA\
          ter et traiter les \xE9v\xE9nements signal\xE9s."
  - urn: urn:intuitem:risk:function:doc-pol:a.7.1
    ref_id: A.7.1
    name: Physical security perimeters
    category: physical
    description: This control establishes physical security perimeters to protect
      critical areas from unauthorized access. Measures include barriers, access controls,
      and monitoring systems to ensure only authorized individuals can enter.
    translations:
      fr:
        name: "P\xE9rim\xE8tres de s\xE9curit\xE9 physique"
        description: "Cette mesure de s\xE9curit\xE9 \xE9tablit des p\xE9rim\xE8tres\
          \ de s\xE9curit\xE9 physique pour prot\xE9ger les zones critiques contre\
          \ les acc\xE8s non autoris\xE9s. Les mesures incluent des barri\xE8res,\
          \ des contr\xF4les d'acc\xE8s et des syst\xE8mes de surveillance pour garantir\
          \ que seules les personnes autoris\xE9es peuvent entrer."
  - urn: urn:intuitem:risk:function:doc-pol:a.7.2
    ref_id: A.7.2
    name: Physical entry
    category: physical
    description: This control ensures physical entry points are controlled and monitored
      to prevent unauthorized access. Measures include badge systems, security personnel,
      and visitor logs.
    translations:
      fr:
        name: "Les entr\xE9es physiques"
        description: "Cette mesure de s\xE9curit\xE9 garantit que les points d'entr\xE9\
          e physiques sont contr\xF4l\xE9s et surveill\xE9s pour emp\xEAcher les acc\xE8\
          s non autoris\xE9s. Les mesures incluent des syst\xE8mes de badges, du personnel\
          \ de s\xE9curit\xE9 et des registres des visiteurs."
  - urn: urn:intuitem:risk:function:doc-pol:a.7.3
    ref_id: A.7.3
    name: Securing offices, rooms and facilities
    category: physical
    description: This control ensures that offices, rooms, and facilities are secured
      to protect information and resources. Measures include locked doors, restricted
      areas, and surveillance systems.
    translations:
      fr:
        name: "S\xE9curisation des bureaux, des salles et des installations"
        description: "Cette mesure de s\xE9curit\xE9 garantit que les bureaux, les\
          \ pi\xE8ces et les installations sont s\xE9curis\xE9s pour prot\xE9ger les\
          \ informations et les ressources. Les mesures incluent des portes verrouill\xE9\
          es, des zones restreintes et des syst\xE8mes de surveillance."
  - urn: urn:intuitem:risk:function:doc-pol:a.7.4
    ref_id: A.7.4
    name: Physical security monitoring
    category: physical
    description: This control implements physical security monitoring to detect and
      respond promptly to threats. Measures include CCTV systems, motion detectors,
      and real-time alerts.
    translations:
      fr:
        name: "Surveillance de la s\xE9curit\xE9 physique"
        description: "Cette mesure de s\xE9curit\xE9 met en \u0153uvre une surveillance\
          \ de la s\xE9curit\xE9 physique pour d\xE9tecter et r\xE9pondre rapidement\
          \ aux menaces. Les mesures incluent des syst\xE8mes de vid\xE9osurveillance,\
          \ des d\xE9tecteurs de mouvement et des alertes en temps r\xE9el."
  - urn: urn:intuitem:risk:function:doc-pol:a.7.5
    ref_id: A.7.5
    name: Protecting against physical and environmental threats
    category: physical
    description: This control protects systems and resources from physical and environmental
      threats. Measures include fire suppression systems, temperature controls, and
      flood prevention barriers.
    translations:
      fr:
        name: Protection contre les menaces physiques et environnementales
        description: "Cette mesure de s\xE9curit\xE9 prot\xE8ge les syst\xE8mes et\
          \ les ressources contre les menaces physiques et environnementales. Les\
          \ mesures incluent des syst\xE8mes de suppression d'incendie, des contr\xF4\
          les de temp\xE9rature et des barri\xE8res anti-inondation."
  - urn: urn:intuitem:risk:function:doc-pol:a.7.6
    ref_id: A.7.6
    name: Working In secure areas
    category: physical
    description: This control ensures that secure areas are managed to allow authorized
      access only. Measures include access control systems, visitor escorts, and activity
      monitoring.
    translations:
      fr:
        name: "Travail dans les zones s\xE9curis\xE9es"
        description: "Cette mesure de s\xE9curit\xE9 garantit que les zones s\xE9\
          curis\xE9es sont g\xE9r\xE9es pour permettre l'acc\xE8s uniquement aux personnes\
          \ autoris\xE9es. Les mesures incluent des syst\xE8mes de contr\xF4le d'acc\xE8\
          s, des escortes pour visiteurs et la surveillance des activit\xE9s."
  - urn: urn:intuitem:risk:function:doc-pol:a.7.7
    ref_id: A.7.7
    name: Clear desk and clear screen
    category: physical
    description: This control ensures sensitive information is not left exposed by
      adopting clear desk and clear screen policies. Measures include locking sensitive
      documents away and auto-locking screens when not in use.
    translations:
      fr:
        name: "Bureau propre et \xE9cran vide"
        description: "Cette mesure de s\xE9curit\xE9 garantit que les informations\
          \ sensibles ne sont pas laiss\xE9es expos\xE9es en adoptant des politiques\
          \ de bureau propre et d'\xE9cran clair. Les mesures incluent le verrouillage\
          \ des documents sensibles et le verrouillage automatique des \xE9crans en\
          \ cas d'inutilisation."
  - urn: urn:intuitem:risk:function:doc-pol:a.7.8
    ref_id: A.7.8
    name: Equipment siting and protection
    category: physical
    description: This control ensures that equipment is positioned and protected to
      prevent unauthorized access or damage. Measures include secure mounting, locked
      cabinets, and restricted access areas.
    translations:
      fr:
        name: "Emplacement et protection du mat\xE9riel"
        description: "Cette mesure de s\xE9curit\xE9 garantit que les \xE9quipements\
          \ sont positionn\xE9s et prot\xE9g\xE9s pour pr\xE9venir les acc\xE8s non\
          \ autoris\xE9s ou les dommages. Les mesures incluent des montages s\xE9\
          curis\xE9s, des armoires verrouill\xE9es et des zones d'acc\xE8s restreintes."
  - urn: urn:intuitem:risk:function:doc-pol:a.7.9
    ref_id: A.7.9
    name: Security of assets off-premises
    category: physical
    description: This control ensures assets used or stored off-premises are secured
      to maintain confidentiality and integrity. Measures include encryption, secure
      transport, and access tracking.
    translations:
      fr:
        name: "S\xE9curit\xE9 des actifs hors des locaux"
        description: "Cette mesure de s\xE9curit\xE9 garantit que les actifs utilis\xE9\
          s ou stock\xE9s hors des locaux sont s\xE9curis\xE9s pour maintenir leur\
          \ confidentialit\xE9 et leur int\xE9grit\xE9. Les mesures incluent le chiffrement,\
          \ le transport s\xE9curis\xE9 et le suivi des acc\xE8s."
  - urn: urn:intuitem:risk:function:doc-pol:a.7.10
    ref_id: A.7.10
    name: Storage media
    category: physical
    description: This control safeguards storage media to prevent unauthorized access
      or tampering. Measures include secure storage, encryption, and access restrictions.
    translations:
      fr:
        name: Supports de stockage
        description: "Cette mesure de s\xE9curit\xE9 prot\xE8ge les supports de stockage\
          \ pour emp\xEAcher tout acc\xE8s ou alt\xE9ration non autoris\xE9. Les mesures\
          \ incluent le stockage s\xE9curis\xE9, le chiffrement et les restrictions\
          \ d'acc\xE8s."
  - urn: urn:intuitem:risk:function:doc-pol:a.7.11
    ref_id: A.7.11
    name: Supporting utilities
    category: physical
    description: This control ensures that supporting utilities, such as power and
      cooling systems, are reliable and protected from disruptions. Measures include
      redundant systems and physical security.
    translations:
      fr:
        name: Services supports
        description: "Cette mesure de s\xE9curit\xE9 garantit que les utilitaires\
          \ de soutien, tels que les syst\xE8mes d'alimentation et de refroidissement,\
          \ sont fiables et prot\xE9g\xE9s contre les perturbations. Les mesures incluent\
          \ des syst\xE8mes redondants et une s\xE9curit\xE9 physique."
  - urn: urn:intuitem:risk:function:doc-pol:a.7.12
    ref_id: A.7.12
    name: Cabling security
    category: physical
    description: This control ensures that cables are secured to prevent unauthorized
      interception or damage. Measures include protective conduits, proper labeling,
      and secure routing.
    translations:
      fr:
        name: "S\xE9curit\xE9 du c\xE2blage"
        description: "Cette mesure de s\xE9curit\xE9 garantit que les c\xE2bles sont\
          \ s\xE9curis\xE9s pour pr\xE9venir toute interception ou tout dommage non\
          \ autoris\xE9. Les mesures incluent des conduits de protection, un \xE9\
          tiquetage appropri\xE9 et un routage s\xE9curis\xE9."
  - urn: urn:intuitem:risk:function:doc-pol:a.7.13
    ref_id: A.7.13
    name: Equipment maintenance
    category: physical
    description: This control ensures that equipment is maintained to guarantee proper
      functioning and prevent failures. Measures include regular servicing, secure
      maintenance practices, and authorized personnel access.
    translations:
      fr:
        name: "Maintenance du mat\xE9riel"
        description: "Cette mesure de s\xE9curit\xE9 garantit que les \xE9quipements\
          \ sont maintenus pour assurer leur bon fonctionnement et pr\xE9venir les\
          \ pannes. Les mesures incluent un entretien r\xE9gulier, des pratiques de\
          \ maintenance s\xE9curis\xE9es et un acc\xE8s r\xE9serv\xE9 au personnel\
          \ autoris\xE9."
  - urn: urn:intuitem:risk:function:doc-pol:a.7.14
    ref_id: A.7.14
    name: Secure disposal or re-use of equipment
    category: physical
    description: This control ensures the secure disposal or reuse of equipment to
      protect sensitive information. Measures include data sanitization, physical
      destruction, and certified disposal processes.
    translations:
      fr:
        name: "\xC9limination ou recyclage s\xE9curis\xE9(e) du mat\xE9riel"
        description: "Cette mesure de s\xE9curit\xE9 garantit l'\xE9limination ou\
          \ la r\xE9utilisation s\xE9curis\xE9e des \xE9quipements pour prot\xE9ger\
          \ les informations sensibles. Les mesures incluent la d\xE9sinfection des\
          \ donn\xE9es, la destruction physique et les processus de mise au rebut\
          \ certifi\xE9s."
  - urn: urn:intuitem:risk:function:doc-pol:a.8.1
    ref_id: A.8.1
    name: User end point devices
    category: technical
    description: This control ensures the protection of endpoint devices such as laptops,
      desktops, and mobile devices by implementing security measures like endpoint
      detection, encryption, and secure configurations to minimize risks.
    translations:
      fr:
        name: Terminaux finaux des utilisateurs
        description: "Cette mesure de s\xE9curit\xE9 garantit la protection des dispositifs\
          \ de point de terminaison tels que les ordinateurs portables, de bureau\
          \ et les appareils mobiles en mettant en \u0153uvre des mesures comme la\
          \ d\xE9tection des terminaux, le chiffrement et des configurations s\xE9\
          curis\xE9es pour minimiser les risques."
  - urn: urn:intuitem:risk:function:doc-pol:a.8.2
    ref_id: A.8.2
    name: Privileged access rights
    category: technical
    description: This control ensures that privileged access rights are granted, managed,
      and monitored carefully to prevent misuse and enhance security. Measures include
      role-based access controls, periodic reviews, and strict account management.
    translations:
      fr:
        name: "Droits d'acc\xE8s privil\xE9gi\xE9s"
        description: "Cette mesure de s\xE9curit\xE9 garantit que les droits d'acc\xE8\
          s privil\xE9gi\xE9s sont accord\xE9s, g\xE9r\xE9s et surveill\xE9s avec\
          \ soin pour pr\xE9venir les abus et renforcer la s\xE9curit\xE9. Les mesures\
          \ comprennent des contr\xF4les d'acc\xE8s bas\xE9s sur les r\xF4les, des\
          \ revues p\xE9riodiques et une gestion stricte des comptes."
  - urn: urn:intuitem:risk:function:doc-pol:a.8.3
    ref_id: A.8.3
    name: Information access restriction
    category: technical
    description: This control restricts access to sensitive information based on need-to-know
      principles. Measures include user authentication, role-based permissions, and
      regular access reviews.
    translations:
      fr:
        name: "Restriction d'acc\xE8s aux informations"
        description: "Cette mesure de s\xE9curit\xE9 limite l'acc\xE8s aux informations\
          \ sensibles selon le principe du besoin d'en conna\xEEtre. Les mesures incluent\
          \ l'authentification des utilisateurs, les permissions bas\xE9es sur les\
          \ r\xF4les et des revues r\xE9guli\xE8res des acc\xE8s."
  - urn: urn:intuitem:risk:function:doc-pol:a.8.4
    ref_id: A.8.4
    name: Access to source code
    category: technical
    description: This control secures access to source code by preventing unauthorized
      viewing, modification, or exposure. Measures include version control, secure
      repositories, and restricted developer access.
    translations:
      fr:
        name: "Acc\xE8s aux codes source"
        description: "Cette mesure de s\xE9curit\xE9 s\xE9curise l'acc\xE8s au code\
          \ source en emp\xEAchant la visualisation, la modification ou l'exposition\
          \ non autoris\xE9es. Les mesures incluent le contr\xF4le de version, les\
          \ d\xE9p\xF4ts s\xE9curis\xE9s et l'acc\xE8s restreint aux d\xE9veloppeurs."
  - urn: urn:intuitem:risk:function:doc-pol:a.8.5
    ref_id: A.8.5
    name: Secure authentication
    category: technical
    description: This control implements strong authentication mechanisms, such as
      multi-factor authentication, to verify user identities and prevent unauthorized
      access.
    translations:
      fr:
        name: "Authentification s\xE9curis\xE9e"
        description: "Cette mesure de s\xE9curit\xE9 met en \u0153uvre des m\xE9canismes\
          \ d'authentification solides, tels que l'authentification multifacteur,\
          \ pour v\xE9rifier l'identit\xE9 des utilisateurs et emp\xEAcher les acc\xE8\
          s non autoris\xE9s."
  - urn: urn:intuitem:risk:function:doc-pol:a.8.6
    ref_id: A.8.6
    name: Capacity management
    category: technical
    description: This control ensures system capacity is managed to provide adequate
      performance and prevent disruptions. Measures include monitoring resource usage
      and planning for future needs.
    translations:
      fr:
        name: Dimensionnement
        description: "Cette mesure de s\xE9curit\xE9 garantit que la capacit\xE9 des\
          \ syst\xE8mes est g\xE9r\xE9e pour assurer des performances ad\xE9quates\
          \ et \xE9viter les perturbations. Les mesures incluent la surveillance de\
          \ l'utilisation des ressources et la planification des besoins futurs."
  - urn: urn:intuitem:risk:function:doc-pol:a.8.7
    ref_id: A.8.7
    name: Protection against malware
    category: technical
    description: This control deploys measures like antivirus software, threat detection
      tools, and regular updates to protect systems from malware and malicious attacks.
    translations:
      fr:
        name: Protection contre les programmes malveillants (malware)
        description: "Cette mesure de s\xE9curit\xE9 d\xE9ploie des mesures comme\
          \ des logiciels antivirus, des outils de d\xE9tection des menaces et des\
          \ mises \xE0 jour r\xE9guli\xE8res pour prot\xE9ger les syst\xE8mes contre\
          \ les logiciels malveillants et les attaques."
  - urn: urn:intuitem:risk:function:doc-pol:a.8.8
    ref_id: A.8.8
    name: Management of technical vulnerabilities
    category: technical
    description: This control identifies, evaluates, and remediates technical vulnerabilities
      promptly to minimize security risks. Measures include vulnerability scanning
      and patch management.
    translations:
      fr:
        name: "Gestion des vuln\xE9rabilit\xE9s techniques"
        description: "Cette mesure de s\xE9curit\xE9 identifie, \xE9value et rem\xE9\
          die rapidement aux vuln\xE9rabilit\xE9s techniques pour minimiser les risques\
          \ de s\xE9curit\xE9. Les mesures incluent les analyses de vuln\xE9rabilit\xE9\
          s et la gestion des correctifs."
  - urn: urn:intuitem:risk:function:doc-pol:a.8.9
    ref_id: A.8.9
    name: Configuration management
    category: technical
    description: This control ensures consistent management of system configurations
      to maintain security settings and prevent unauthorized changes.
    translations:
      fr:
        name: Gestion des configurations
        description: "Cette mesure de s\xE9curit\xE9 garantit une gestion coh\xE9\
          rente des configurations des syst\xE8mes pour maintenir des param\xE8tres\
          \ s\xE9curis\xE9s et pr\xE9venir les changements non autoris\xE9s."
  - urn: urn:intuitem:risk:function:doc-pol:a.8.10
    ref_id: A.8.10
    name: Information deletion
    category: technical
    description: This control ensures sensitive information is securely deleted when
      no longer required to prevent unauthorized recovery or exposure.
    translations:
      fr:
        name: Suppression des informations
        description: "Cette mesure de s\xE9curit\xE9 garantit que les informations\
          \ sensibles sont supprim\xE9es de mani\xE8re s\xE9curis\xE9e lorsqu'elles\
          \ ne sont plus n\xE9cessaires pour \xE9viter toute r\xE9cup\xE9ration ou\
          \ exposition non autoris\xE9e."
  - urn: urn:intuitem:risk:function:doc-pol:a.8.11
    ref_id: A.8.11
    name: Data masking
    category: technical
    description: This control protects sensitive information during processing or
      display by using data masking techniques to obscure data from unauthorized users.
    translations:
      fr:
        name: "Masquage des donn\xE9es"
        description: "Cette mesure de s\xE9curit\xE9 prot\xE8ge les informations sensibles\
          \ lors de leur traitement ou affichage en utilisant des techniques de masquage\
          \ des donn\xE9es pour les rendre inaccessibles aux utilisateurs non autoris\xE9\
          s."
  - urn: urn:intuitem:risk:function:doc-pol:a.8.12
    ref_id: A.8.12
    name: Data leakage prevention
    category: technical
    description: This control implements mechanisms to prevent the accidental exposure
      of sensitive data through email, removable media, or other channels.
    translations:
      fr:
        name: "Pr\xE9vention de la fuite de donn\xE9es"
        description: "Cette mesure de s\xE9curit\xE9 met en \u0153uvre des m\xE9canismes\
          \ pour emp\xEAcher l'exposition accidentelle des donn\xE9es sensibles via\
          \ des e-mails, des supports amovibles ou d'autres canaux."
  - urn: urn:intuitem:risk:function:doc-pol:a.8.13
    ref_id: A.8.13
    name: Information backup
    category: technical
    description: This control ensures critical information is backed up regularly
      and securely to ensure its availability in case of incidents or disasters.
    translations:
      fr:
        name: Sauvegarde des informations
        description: "Cette mesure de s\xE9curit\xE9 garantit que les informations\
          \ critiques sont sauvegard\xE9es r\xE9guli\xE8rement et en toute s\xE9curit\xE9\
          \ pour assurer leur disponibilit\xE9 en cas d'incidents ou de catastrophes."
  - urn: urn:intuitem:risk:function:doc-pol:a.8.14
    ref_id: A.8.14
    name: Redundancy of information processing facilities
    category: technical
    description: This control ensures redundancy is built into processing facilities
      to maintain availability and operations during system failures or emergencies.
    translations:
      fr:
        name: Redondance des moyens de traitement de l'information
        description: "Cette mesure de s\xE9curit\xE9 garantit que la redondance est\
          \ int\xE9gr\xE9e dans les installations de traitement pour maintenir la\
          \ disponibilit\xE9 et les op\xE9rations en cas de d\xE9faillances ou d'urgences."
  - urn: urn:intuitem:risk:function:doc-pol:a.8.15
    ref_id: A.8.15
    name: Logging
    category: technical
    description: This control enables logging of activities within systems to support
      monitoring, incident detection, and forensic investigations.
    translations:
      fr:
        name: Journalisation
        description: "Cette mesure de s\xE9curit\xE9 permet la journalisation des\
          \ activit\xE9s au sein des syst\xE8mes pour soutenir la surveillance, la\
          \ d\xE9tection des incidents et les analyses forensiques."
  - urn: urn:intuitem:risk:function:doc-pol:a.8.16
    ref_id: A.8.16
    name: Monitoring activities
    category: technical
    description: This control ensures the ongoing monitoring of system activities
      to detect, respond to, and mitigate security threats.
    translations:
      fr:
        name: "Activit\xE9s de surveillance"
        description: "Cette mesure de s\xE9curit\xE9 garantit la surveillance continue\
          \ des activit\xE9s du syst\xE8me pour d\xE9tecter, r\xE9pondre et att\xE9\
          nuer les menaces \xE0 la s\xE9curit\xE9."
  - urn: urn:intuitem:risk:function:doc-pol:a.8.17
    ref_id: A.8.17
    name: Clock synchronization
    category: technical
    description: This control ensures system clocks are synchronized to maintain accurate
      and consistent timestamps for logs and other critical processes.
    translations:
      fr:
        name: Synchronisation des horloges
        description: "Cette mesure de s\xE9curit\xE9 garantit que les horloges des\
          \ syst\xE8mes sont synchronis\xE9es pour maintenir des horodatages pr\xE9\
          cis et coh\xE9rents pour les journaux et d'autres processus critiques."
  - urn: urn:intuitem:risk:function:doc-pol:a.8.18
    ref_id: A.8.18
    name: Use of privileged utility programs
    category: technical
    description: This control restricts and monitors the use of privileged utility
      programs to prevent misuse and unauthorized actions.
    translations:
      fr:
        name: "Utilisation de programmes utilitaires \xE0 privil\xE8ges"
        description: "Cette mesure de s\xE9curit\xE9 restreint et surveille l'utilisation\
          \ des programmes utilitaires privil\xE9gi\xE9s pour pr\xE9venir les abus\
          \ et les actions non autoris\xE9es."
  - urn: urn:intuitem:risk:function:doc-pol:a.8.19
    ref_id: A.8.19
    name: Installation of software on operational systems
    category: technical
    description: This control ensures software installation on operational systems
      is managed securely to prevent vulnerabilities or unauthorized changes.
    translations:
      fr:
        name: "Installation de logiciels sur des syst\xE8mes op\xE9rationnels"
        description: "Cette mesure de s\xE9curit\xE9 garantit que l'installation de\
          \ logiciels sur les syst\xE8mes op\xE9rationnels est g\xE9r\xE9e de mani\xE8\
          re s\xE9curis\xE9e pour \xE9viter les vuln\xE9rabilit\xE9s ou les modifications\
          \ non autoris\xE9es."
  - urn: urn:intuitem:risk:function:doc-pol:a.8.20
    ref_id: A.8.20
    name: Networks security
    category: technical
    description: This control ensures network security through firewalls, intrusion
      detection systems, and access controls to protect against unauthorized access
      and attacks.
    translations:
      fr:
        name: "S\xE9curit\xE9 des r\xE9seaux"
        description: "Cette mesure de s\xE9curit\xE9 garantit la s\xE9curit\xE9 du\
          \ r\xE9seau gr\xE2ce \xE0 des pare-feu, des syst\xE8mes de d\xE9tection\
          \ d'intrusion et des contr\xF4les d'acc\xE8s pour prot\xE9ger contre les\
          \ acc\xE8s non autoris\xE9s et les attaques."
  - urn: urn:intuitem:risk:function:doc-pol:a.8.21
    ref_id: A.8.21
    name: Security of network services
    category: technical
    description: This control ensures network services are protected to maintain confidentiality,
      integrity, and availability during use.
    translations:
      fr:
        name: "S\xE9curit\xE9 des services r\xE9seau"
        description: "Cette mesure de s\xE9curit\xE9 garantit que les services r\xE9\
          seau sont prot\xE9g\xE9s pour maintenir la confidentialit\xE9, l'int\xE9\
          grit\xE9 et la disponibilit\xE9 pendant leur utilisation."
  - urn: urn:intuitem:risk:function:doc-pol:a.8.22
    ref_id: A.8.22
    name: Segregation of networks
    category: technical
    description: This control implements network segregation to limit the spread of
      threats and minimize the impact of potential breaches.
    translations:
      fr:
        name: "Cloisonnement des r\xE9seaux"
        description: "Cette mesure de s\xE9curit\xE9 met en \u0153uvre la segmentation\
          \ des r\xE9seaux pour limiter la propagation des menaces et minimiser l'impact\
          \ des violations potentielles."
  - urn: urn:intuitem:risk:function:doc-pol:a.8.23
    ref_id: A.8.23
    name: 'Web filtering '
    category: technical
    description: This control uses web filtering tools to block unauthorized or harmful
      content from being accessed over the internet.
    translations:
      fr:
        name: 'Filtrage web '
        description: "Cette mesure de s\xE9curit\xE9 utilise des outils de filtrage\
          \ Web pour bloquer le contenu non autoris\xE9 ou nuisible accessible sur\
          \ Internet."
  - urn: urn:intuitem:risk:function:doc-pol:a.8.24
    ref_id: A.8.24
    name: Use of cryptography
    category: technical
    description: This control ensures cryptographic techniques are applied to protect
      data confidentiality, integrity, and authenticity.
    translations:
      fr:
        name: Utilisation de la cryptographie
        description: "Cette mesure de s\xE9curit\xE9 garantit que des techniques cryptographiques\
          \ sont appliqu\xE9es pour prot\xE9ger la confidentialit\xE9, l'int\xE9grit\xE9\
          \ et l'authenticit\xE9 des donn\xE9es."
  - urn: urn:intuitem:risk:function:doc-pol:a.8.25
    ref_id: A.8.25
    name: Secure development life cycle
    category: technical
    description: This control integrates security into all stages of the development
      life cycle to ensure systems and applications are built securely.
    translations:
      fr:
        name: "Cycle de vie de d\xE9veloppement s\xE9curis\xE9"
        description: "Cette mesure de s\xE9curit\xE9 int\xE8gre la s\xE9curit\xE9\
          \ \xE0 toutes les \xE9tapes du cycle de vie du d\xE9veloppement pour garantir\
          \ que les syst\xE8mes et applications sont construits de mani\xE8re s\xE9\
          curis\xE9e."
  - urn: urn:intuitem:risk:function:doc-pol:a.8.26
    ref_id: A.8.26
    name: Application security requirements
    category: technical
    description: This control defines and enforces security requirements for applications
      to safeguard against vulnerabilities.
    translations:
      fr:
        name: "Exigences de s\xE9curit\xE9 des applications"
        description: "Cette mesure de s\xE9curit\xE9 d\xE9finit et applique des exigences\
          \ de s\xE9curit\xE9 pour les applications afin de prot\xE9ger contre les\
          \ vuln\xE9rabilit\xE9s."
  - urn: urn:intuitem:risk:function:doc-pol:a.8.27
    ref_id: A.8.27
    name: Secure system architecture and engineering principles
    category: technical
    description: This control ensures secure design principles are adopted during
      the development of system architectures.
    translations:
      fr:
        name: "Principes d'ing\xE9nierie et d'architecture des syst\xE8mes s\xE9curis\xE9\
          s"
        description: "Cette mesure de s\xE9curit\xE9 garantit que des principes de\
          \ conception s\xE9curis\xE9s sont adopt\xE9s lors du d\xE9veloppement des\
          \ architectures syst\xE8me."
  - urn: urn:intuitem:risk:function:doc-pol:a.8.28
    ref_id: A.8.28
    name: Secure coding
    category: technical
    description: This control implements secure coding practices to minimize vulnerabilities
      in developed software.
    translations:
      fr:
        name: "Codage s\xE9curis\xE9"
        description: "Cette mesure de s\xE9curit\xE9 met en \u0153uvre des pratiques\
          \ de codage s\xE9curis\xE9 pour minimiser les vuln\xE9rabilit\xE9s des logiciels\
          \ d\xE9velopp\xE9s."
  - urn: urn:intuitem:risk:function:doc-pol:a.8.29
    ref_id: A.8.29
    name: Security testing in development and acceptance
    category: technical
    description: This control ensures security testing is conducted during development
      and acceptance phases to identify weaknesses.
    translations:
      fr:
        name: "Tests de s\xE9curit\xE9 dans le d\xE9veloppement et l'acceptation"
        description: "Cette mesure de s\xE9curit\xE9 garantit que des tests de s\xE9\
          curit\xE9 sont effectu\xE9s pendant les phases de d\xE9veloppement et d'acceptation\
          \ pour identifier les faiblesses."
  - urn: urn:intuitem:risk:function:doc-pol:a.8.30
    ref_id: A.8.30
    name: 'Outsourced development '
    category: technical
    description: This control ensures security risks are managed effectively when
      development is outsourced to third-party vendors.
    translations:
      fr:
        name: "D\xE9veloppement externalis\xE9 "
        description: "Cette mesure de s\xE9curit\xE9 garantit que les risques de s\xE9\
          curit\xE9 sont g\xE9r\xE9s efficacement lorsque le d\xE9veloppement est\
          \ externalis\xE9 \xE0 des fournisseurs tiers."
  - urn: urn:intuitem:risk:function:doc-pol:a.8.31
    ref_id: A.8.31
    name: Separation of development, test and production environments
    category: technical
    description: This control ensures development, test, and production environments
      are segregated to prevent unintended interactions and unauthorized access.
    translations:
      fr:
        name: "S\xE9paration des environnements de d\xE9veloppement, de test et op\xE9\
          rationnels"
        description: "Cette mesure de s\xE9curit\xE9 garantit que les environnements\
          \ de d\xE9veloppement, de test et de production sont s\xE9par\xE9s pour\
          \ \xE9viter les interactions involontaires et les acc\xE8s non autoris\xE9\
          s."
  - urn: urn:intuitem:risk:function:doc-pol:a.8.32
    ref_id: A.8.32
    name: Change management
    category: technical
    description: This control ensures changes to systems are managed securely to minimize
      risks and maintain operational stability.
    translations:
      fr:
        name: Gestion des changements
        description: "Cette mesure de s\xE9curit\xE9 garantit que les modifications\
          \ des syst\xE8mes sont g\xE9r\xE9es de mani\xE8re s\xE9curis\xE9e pour minimiser\
          \ les risques et maintenir la stabilit\xE9 op\xE9rationnelle."
  - urn: urn:intuitem:risk:function:doc-pol:a.8.33
    ref_id: A.8.33
    name: Test information
    category: technical
    description: This control protects test data to prevent the exposure of sensitive
      or confidential information during testing processes.
    translations:
      fr:
        name: Informations de test
        description: "Cette mesure de s\xE9curit\xE9 prot\xE8ge les donn\xE9es de\
          \ test pour \xE9viter l'exposition d'informations sensibles ou confidentielles\
          \ lors des processus de test."
  - urn: urn:intuitem:risk:function:doc-pol:a.8.34
    ref_id: A.8.34
    name: Protection of information systems during audit testing
    category: technical
    description: This control ensures that systems and data are safeguarded during
      audits by preventing unauthorized access, data leakage, or disruptions. Measures
      include using non-production environments, access restrictions, and confidentiality
      agreements to maintain system security and integrity.
    translations:
      fr:
        name: "Protection des syst\xE8mes d'information pendant les tests d'audit"
        description: "Cette mesure de s\xE9curit\xE9 garantit que les syst\xE8mes\
          \ et les donn\xE9es sont prot\xE9g\xE9s pendant les audits en emp\xEAchant\
          \ les acc\xE8s non autoris\xE9s, les fuites de donn\xE9es ou les perturbations.\
          \ Les mesures incluent l'utilisation d'environnements non productifs, des\
          \ restrictions d'acc\xE8s et des accords de confidentialit\xE9 pour pr\xE9\
          server la s\xE9curit\xE9 et l'int\xE9grit\xE9 des syst\xE8mes."
  framework:
    urn: urn:intuitem:risk:framework:iso27001-2022
    ref_id: ISO/IEC 27001:2022
    name: International standard ISO/IEC 27001:2022
    description: "Information security, cybersecurity and privacy protection \u2014\
      \ Information security management systems \u2014 Requirements"
    translations:
      fr:
        name: Norme internationale ISO/IEC 27001:2022
        description: "S\xE9curit\xE9 de l'information, cybers\xE9curit\xE9 et protection\
          \ de la vie priv\xE9e \u2014 Information syst\xE8me de management de la\
          \ s\xE9curit\xE9 \u2014 Exigences"
    implementation_groups_definition:
    - ref_id: Clauses
      name: Clauses
      description: null
    - ref_id: SoA
      name: Statement of Applicability
      description: null
    requirement_nodes:
    - urn: urn:intuitem:risk:req_node:iso27001-2022:core
      assessable: false
      depth: 1
      ref_id: core
      name: Clauses
      implementation_groups:
      - Clauses
      translations:
        fr:
          name: Clauses
          description: null
    - urn: urn:intuitem:risk:req_node:iso27001-2022:4
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:core
      ref_id: '4'
      name: 'Context of the organization '
      implementation_groups:
      - Clauses
      translations:
        fr:
          name: Contexte de l'organisation
          description: null
    - urn: urn:intuitem:risk:req_node:iso27001-2022:4.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:4
      ref_id: '4.1'
      name: Understanding the organization and its context
      description: "Identify internal and external factors that influence the organization\u2019\
        s ability to achieve information security objectives, ensuring the ISMS is\
        \ aligned with its context."
      implementation_groups:
      - Clauses
      reference_controls:
      - urn:intuitem:risk:function:doc-pol:doc.context
      translations:
        fr:
          name: "Compr\xE9hension de l'organisation et de son contexte"
          description: "Identifier les facteurs internes et externes qui influencent\
            \ la capacit\xE9 de l\u2019organisation \xE0 atteindre ses objectifs de\
            \ s\xE9curit\xE9 de l\u2019information, en veillant \xE0 ce que le SMSI\
            \ soit align\xE9 sur son contexte."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:4.2
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:4
      ref_id: '4.2'
      name: Understanding the needs and expectations of interested parties
      description: Analyze the needs and expectations of interested parties to incorporate
        them into the ISMS and address relevant information security requirements.
      implementation_groups:
      - Clauses
      reference_controls:
      - urn:intuitem:risk:function:doc-pol:doc.context
      translations:
        fr:
          name: "Compr\xE9hension des besoins et attentes des parties int\xE9ress\xE9\
            es"
          description: "Analyser les besoins et attentes des parties int\xE9ress\xE9\
            es pour les int\xE9grer dans le SMSI et r\xE9pondre aux exigences pertinentes\
            \ en mati\xE8re de s\xE9curit\xE9 de l\u2019information."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:4.3
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:4
      ref_id: '4.3'
      name: Determining the scope of the information security management system
      description: Define the scope of the ISMS by considering internal and external
        factors, stakeholder needs, and dependencies within the operational environment.
      implementation_groups:
      - Clauses
      reference_controls:
      - urn:intuitem:risk:function:doc-pol:doc.scope
      translations:
        fr:
          name: "D\xE9termination du domaine d'application du syst\xE8me de management\
            \ de la s\xE9curit\xE9 de l'information"
          description: "D\xE9finir le p\xE9rim\xE8tre du SMSI en prenant en compte\
            \ les facteurs internes et externes, les besoins des parties prenantes\
            \ et les d\xE9pendances dans l\u2019environnement op\xE9rationnel."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:4.4
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:4
      ref_id: '4.4'
      name: Information security management system
      description: Build, run, and continually improve an ISMS to effectively manage
        information security risks and meet organizational goals.
      implementation_groups:
      - Clauses
      reference_controls:
      - urn:intuitem:risk:function:doc-pol:doc.overview
      translations:
        fr:
          name: "Syst\xE8me de management de la s\xE9curit\xE9 de l'information"
          description: "Concevoir, exploiter et am\xE9liorer en continu un SMSI pour\
            \ g\xE9rer efficacement les risques de s\xE9curit\xE9 de l\u2019information\
            \ et atteindre les objectifs organisationnels."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:5
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:core
      ref_id: '5'
      name: Leadership
      implementation_groups:
      - Clauses
      translations:
        fr:
          name: Leadership
          description: null
    - urn: urn:intuitem:risk:req_node:iso27001-2022:5.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:5
      ref_id: '5.1'
      name: Leadership and commitment
      description: Demonstrate leadership and commitment by supporting the ISMS, aligning
        it with organizational objectives, allocating resources, promoting a security
        culture, and driving continual improvement.
      implementation_groups:
      - Clauses
      reference_controls:
      - urn:intuitem:risk:function:doc-pol:doc.overview
      - urn:intuitem:risk:function:doc-pol:doc.controls
      - urn:intuitem:risk:function:doc-pol:doc.com
      - urn:intuitem:risk:function:doc-pol:doc.audit_plan
      - urn:intuitem:risk:function:doc-pol:doc.competency
      - urn:intuitem:risk:function:doc-pol:pol.main
      translations:
        fr:
          name: Leadership et engagement
          description: "D\xE9montrer un leadership et un engagement en soutenant le\
            \ SMSI, en l'alignant sur les objectifs organisationnels, en allouant\
            \ des ressources, en promouvant une culture de s\xE9curit\xE9 et en favorisant\
            \ l'am\xE9lioration continue."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:5.2
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:5
      ref_id: '5.2'
      name: ' Policy'
      description: Establish an information security policy aligned with the organization's
        objectives and strategic direction, outlining commitments to compliance, continual
        improvement, and the promotion of information security.
      implementation_groups:
      - Clauses
      reference_controls:
      - urn:intuitem:risk:function:doc-pol:pol.main
      translations:
        fr:
          name: ' Politique'
          description: "\xC9tablir une politique de s\xE9curit\xE9 de l\u2019information\
            \ align\xE9e sur les objectifs et la direction strat\xE9gique de l'organisation,\
            \ pr\xE9cisant les engagements en mati\xE8re de conformit\xE9, d'am\xE9\
            lioration continue et de promotion de la s\xE9curit\xE9 de l\u2019information."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:5.3
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:5
      ref_id: '5.3'
      name: Organizational roles, responsibilities and authorities
      description: Define, assign, and communicate roles, responsibilities, and authorities
        to ensure the effective implementation and operation of the ISMS, with accountability
        aligned to organizational objectives.
      implementation_groups:
      - Clauses
      reference_controls:
      - urn:intuitem:risk:function:doc-pol:doc.raci
      translations:
        fr:
          name: "R\xF4les, responsabilit\xE9s et autorit\xE9s au sein de l'organisation"
          description: "D\xE9finir, attribuer et communiquer les r\xF4les, responsabilit\xE9\
            s et autorit\xE9s pour assurer la mise en \u0153uvre et le fonctionnement\
            \ efficaces du SMSI, avec une responsabilit\xE9 align\xE9e sur les objectifs\
            \ organisationnels."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:6
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:core
      ref_id: '6'
      name: Planning
      implementation_groups:
      - Clauses
      translations:
        fr:
          name: Planification
          description: null
    - urn: urn:intuitem:risk:req_node:iso27001-2022:6.1
      assessable: false
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:6
      ref_id: '6.1'
      name: Actions to address risks and opportunities
      implementation_groups:
      - Clauses
      translations:
        fr:
          name: "Actions \xE0 mettre en oeuvre face aux risques et opportunit\xE9s"
          description: null
    - urn: urn:intuitem:risk:req_node:iso27001-2022:6.1.1
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:6.1
      ref_id: 6.1.1
      name: General
      description: Establish a process to identify information security risks and
        opportunities, considering internal and external factors, stakeholder needs,
        and applicable requirements to ensure the ISMS achieves its objectives.
      implementation_groups:
      - Clauses
      reference_controls:
      - urn:intuitem:risk:function:doc-pol:pol.risk
      - urn:intuitem:risk:function:doc-pol:doc.risk_register
      translations:
        fr:
          name: "G\xE9n\xE9ralit\xE9s"
          description: "\xC9tablir un processus pour identifier les risques et opportunit\xE9\
            s en mati\xE8re de s\xE9curit\xE9 de l\u2019information, en prenant en\
            \ compte les facteurs internes et externes, les besoins des parties prenantes\
            \ et les exigences applicables, afin d\u2019assurer que le SMSI atteigne\
            \ ses objectifs."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:6.1.2
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:6.1
      ref_id: 6.1.2
      name: Information security risk assessment requirement
      description: Establish a process to assess information security risks at planned
        intervals, using defined criteria to evaluate threats to confidentiality,
        integrity, and availability, ensuring consistent and reliable results.
      implementation_groups:
      - Clauses
      reference_controls:
      - urn:intuitem:risk:function:doc-pol:pol.risk
      - urn:intuitem:risk:function:doc-pol:doc.risk_register
      translations:
        fr:
          name: "Appr\xE9ciation des risques de s\xE9curit\xE9 de l'information"
          description: "\xC9tablir un processus pour \xE9valuer les risques li\xE9\
            s \xE0 la s\xE9curit\xE9 de l\u2019information \xE0 des intervalles planifi\xE9\
            s, en utilisant des crit\xE8res d\xE9finis pour \xE9valuer les menaces\
            \ sur la confidentialit\xE9, l\u2019int\xE9grit\xE9 et la disponibilit\xE9\
            , garantissant des r\xE9sultats coh\xE9rents et fiables."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:6.1.3
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:6.1
      ref_id: 6.1.3
      name: Information security risk treatment
      description: Define a process to address identified information security risks
        by selecting appropriate controls, ensuring alignment with risk acceptance
        criteria, and documenting them in a risk treatment plan.
      implementation_groups:
      - Clauses
      reference_controls:
      - urn:intuitem:risk:function:doc-pol:pol.risk
      - urn:intuitem:risk:function:doc-pol:doc.risk_register
      - urn:intuitem:risk:function:doc-pol:doc.soa
      translations:
        fr:
          name: "Traitement des risques de s\xE9curit\xE9 de l'information"
          description: "D\xE9finir un processus pour traiter les risques identifi\xE9\
            s en mati\xE8re de s\xE9curit\xE9 de l\u2019information en s\xE9lectionnant\
            \ des contr\xF4les appropri\xE9s, en assurant leur alignement avec les\
            \ crit\xE8res d\u2019acceptation des risques et en les documentant dans\
            \ un plan de traitement des risques."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:6.2
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:6
      ref_id: '6.2'
      name: Information security objectives and planning to achieve them
      description: Set measurable information security objectives aligned with the
        ISMS and strategic goals, and plan actions detailing responsibilities, resources,
        timelines, and evaluation methods to achieve them.
      implementation_groups:
      - Clauses
      reference_controls:
      - urn:intuitem:risk:function:doc-pol:pol.main
      - urn:intuitem:risk:function:doc-pol:doc.so_register
      - urn:intuitem:risk:function:doc-pol:doc.risk_register
      - urn:intuitem:risk:function:doc-pol:doc.mgmt_review
      translations:
        fr:
          name: "Objectifs de s\xE9curit\xE9 de l'information et plans pour les atteindre"
          description: "D\xE9finir des objectifs mesurables en mati\xE8re de s\xE9\
            curit\xE9 de l\u2019information align\xE9s sur le SMSI et les objectifs\
            \ strat\xE9giques, et planifier des actions d\xE9taillant les responsabilit\xE9\
            s, les ressources, les \xE9ch\xE9ances et les m\xE9thodes d\u2019\xE9\
            valuation pour les atteindre."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:6.3
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:6
      ref_id: '6.3'
      name: Planning for changes
      description: Plan changes to the ISMS systematically to ensure alignment with
        information security requirements, seamless integration into existing processes,
        and effective risk management.
      implementation_groups:
      - Clauses
      reference_controls:
      - urn:intuitem:risk:function:doc-pol:pol.maintenance
      translations:
        fr:
          name: Planification des modifications
          description: "Planifier les changements au SMSI de mani\xE8re syst\xE9matique\
            \ pour garantir leur alignement avec les exigences de s\xE9curit\xE9 de\
            \ l\u2019information, leur int\xE9gration transparente dans les processus\
            \ existants et une gestion efficace des risques."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:7
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:core
      ref_id: '7'
      name: ' Support'
      implementation_groups:
      - Clauses
      translations:
        fr:
          name: ' Supports'
          description: null
    - urn: urn:intuitem:risk:req_node:iso27001-2022:7.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:7
      ref_id: '7.1'
      name: Resources
      description: Provide the necessary resources to build, run, and continually
        improve the ISMS, ensuring its effective operation and alignment with organizational
        goals.
      implementation_groups:
      - Clauses
      reference_controls:
      - urn:intuitem:risk:function:doc-pol:doc.raci
      - urn:intuitem:risk:function:doc-pol:doc.competency
      - urn:intuitem:risk:function:doc-pol:doc.controls
      translations:
        fr:
          name: Ressources
          description: "Fournir les ressources n\xE9cessaires pour construire, exploiter\
            \ et am\xE9liorer en continu le SMSI, en garantissant son fonctionnement\
            \ efficace et son alignement avec les objectifs organisationnels."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:7.2
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:7
      ref_id: '7.2'
      name: Competence
      description: Ensure personnel involved in the ISMS possess the necessary competence
        through appropriate education, training, or experience to fulfill their responsibilities
        effectively.
      implementation_groups:
      - Clauses
      reference_controls:
      - urn:intuitem:risk:function:doc-pol:pol.educ
      - urn:intuitem:risk:function:doc-pol:doc.educ_register
      translations:
        fr:
          name: "Comp\xE9tences"
          description: "Garantir que le personnel impliqu\xE9 dans le SMSI dispose\
            \ des comp\xE9tences n\xE9cessaires gr\xE2ce \xE0 une formation, une \xE9\
            ducation ou une exp\xE9rience appropri\xE9es pour remplir efficacement\
            \ leurs responsabilit\xE9s."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:7.3
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:7
      ref_id: '7.3'
      name: Awareness
      description: Promote awareness among relevant personnel about the ISMS, their
        role in information security, and the importance of compliance with security
        policies and requirements.
      implementation_groups:
      - Clauses
      reference_controls:
      - urn:intuitem:risk:function:doc-pol:pol.educ
      - urn:intuitem:risk:function:doc-pol:doc.educ_register
      translations:
        fr:
          name: Sensibilisation
          description: "Promouvoir la sensibilisation du personnel concern\xE9 au\
            \ SMSI, \xE0 leur r\xF4le dans la s\xE9curit\xE9 de l\u2019information\
            \ et \xE0 l\u2019importance de se conformer aux politiques et exigences\
            \ de s\xE9curit\xE9."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:7.4
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:7
      ref_id: '7.4'
      name: Communication
      description: Establish effective internal and external communication processes,
        ensuring the timely and appropriate exchange of information relevant to the
        ISMS and its objectives.
      implementation_groups:
      - Clauses
      reference_controls:
      - urn:intuitem:risk:function:doc-pol:doc.com
      translations:
        fr:
          name: Communication
          description: "\xC9tablir des processus de communication internes et externes\
            \ efficaces, assurant un \xE9change d\u2019informations opportun et appropri\xE9\
            \ en lien avec le SMSI et ses objectifs."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:7.5
      assessable: false
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:7
      ref_id: '7.5'
      name: Documented Information
      implementation_groups:
      - Clauses
      translations:
        fr:
          name: "Informations document\xE9es"
          description: null
    - urn: urn:intuitem:risk:req_node:iso27001-2022:7.5.1
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:7.5
      ref_id: 7.5.1
      name: General
      description: Document the ISMS as needed to ensure effective planning, operation,
        control of processes, and alignment with organizational requirements.
      implementation_groups:
      - Clauses
      reference_controls:
      - urn:intuitem:risk:function:doc-pol:doc.doc_register
      translations:
        fr:
          name: "G\xE9n\xE9ralit\xE9s"
          description: "Documenter le SMSI selon les besoins pour garantir une planification\
            \ efficace, le fonctionnement, le contr\xF4le des processus et l\u2019\
            alignement avec les exigences organisationnelles."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:7.5.2
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:7.5
      ref_id: 7.5.2
      name: Creating and Updating documented information
      description: Ensure ISMS documentation is appropriately created, updated, and
        controlled, including proper approval and version management.
      implementation_groups:
      - Clauses
      reference_controls:
      - urn:intuitem:risk:function:doc-pol:doc.doc_register
      translations:
        fr:
          name: "Cr\xE9ation et mise \xE0 jour"
          description: "S\u2019assurer que la documentation du SMSI est correctement\
            \ cr\xE9\xE9e, mise \xE0 jour et contr\xF4l\xE9e, y compris avec une approbation\
            \ et une gestion des versions appropri\xE9es."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:7.5.3
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:7.5
      ref_id: 7.5.3
      name: Control of documented information
      description: Make ISMS documentation accessible and usable for those who need
        it, while protecting it from unauthorized access or loss.
      implementation_groups:
      - Clauses
      reference_controls:
      - urn:intuitem:risk:function:doc-pol:doc.doc_register
      translations:
        fr:
          name: "Contr\xF4le des informations document\xE9es"
          description: "Rendre la documentation du SMSI accessible et utilisable pour\
            \ ceux qui en ont besoin, tout en la prot\xE9geant contre tout acc\xE8\
            s non autoris\xE9 ou perte."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:8
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:core
      ref_id: '8'
      name: Operations
      implementation_groups:
      - Clauses
      translations:
        fr:
          name: Fonctionnement
          description: null
    - urn: urn:intuitem:risk:req_node:iso27001-2022:8.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:8
      ref_id: '8.1'
      name: Operational planning and control
      description: Plan and control ISMS processes, ensuring consistency with requirements
        and making necessary adjustments to address risks and opportunities.
      implementation_groups:
      - Clauses
      reference_controls:
      - urn:intuitem:risk:function:doc-pol:doc.raci
      - urn:intuitem:risk:function:doc-pol:doc.proc_register
      translations:
        fr:
          name: "Planification et contr\xF4le op\xE9rationnels"
          description: "Planifier et contr\xF4ler les processus du SMSI, en garantissant\
            \ leur coh\xE9rence avec les exigences et en apportant les ajustements\
            \ n\xE9cessaires pour traiter les risques et opportunit\xE9s."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:8.2
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:8
      ref_id: '8.2'
      name: Information security risk assessment
      description: Implement the risk assessment process to identify, evaluate, and
        prioritize information security risks as defined in the ISMS framework.
      implementation_groups:
      - Clauses
      reference_controls:
      - urn:intuitem:risk:function:doc-pol:doc.proc_register
      - urn:intuitem:risk:function:doc-pol:doc.risk_register
      translations:
        fr:
          name: "Appr\xE9ciation des risques de s\xE9curit\xE9 de l'information"
          description: "Mettre en \u0153uvre le processus d\u2019\xE9valuation des\
            \ risques pour identifier, \xE9valuer et prioriser les risques li\xE9\
            s \xE0 la s\xE9curit\xE9 de l\u2019information, tel que d\xE9fini dans\
            \ le cadre du SMSI."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:8.3
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:8
      ref_id: '8.3'
      name: Information security risk treatment
      description: "Apply the risk treatment process by selecting and implementing\
        \ appropriate controls to address identified risks, ensuring alignment with\
        \ the organization\u2019s risk acceptance criteria."
      implementation_groups:
      - Clauses
      reference_controls:
      - urn:intuitem:risk:function:doc-pol:doc.proc_register
      - urn:intuitem:risk:function:doc-pol:doc.risk_register
      translations:
        fr:
          name: "Traitement des risques de s\xE9curit\xE9 de l'information"
          description: "Appliquer le processus de traitement des risques en s\xE9\
            lectionnant et en mettant en \u0153uvre des contr\xF4les appropri\xE9\
            s pour traiter les risques identifi\xE9s, en assurant leur alignement\
            \ avec les crit\xE8res d\u2019acceptation des risques de l\u2019organisation."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:9
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:core
      ref_id: '9'
      name: Performance evaluation
      implementation_groups:
      - Clauses
      translations:
        fr:
          name: "\xC9valuation de la performance"
          description: null
    - urn: urn:intuitem:risk:req_node:iso27001-2022:9.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:9
      ref_id: '9.1'
      name: Monitoring, measurement, analysis, evaluation
      description: "Monitor, measure, analyze, and evaluate the ISMS\u2019s performance\
        \ and effectiveness using appropriate methods aligned with the organization\u2019\
        s objectives.\n"
      implementation_groups:
      - Clauses
      reference_controls:
      - urn:intuitem:risk:function:doc-pol:pol.monitor
      - urn:intuitem:risk:function:doc-pol:doc.audit_plan
      translations:
        fr:
          name: "Surveillance, mesurages, analyse et \xE9valuation"
          description: "Surveiller, mesurer, analyser et \xE9valuer la performance\
            \ et l\u2019efficacit\xE9 du SMSI en utilisant des m\xE9thodes appropri\xE9\
            es align\xE9es sur les objectifs de l\u2019organisation."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:9.2
      assessable: false
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:9
      ref_id: '9.2'
      name: Internal audit
      implementation_groups:
      - Clauses
      translations:
        fr:
          name: Audit interne
          description: null
    - urn: urn:intuitem:risk:req_node:iso27001-2022:9.2.1
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:9.2
      ref_id: 9.2.1
      name: General
      description: Conduct internal audits at planned intervals to ensure the ISMS
        complies with ISO/IEC 27001 requirements and is effectively implemented and
        maintained.
      implementation_groups:
      - Clauses
      reference_controls:
      - urn:intuitem:risk:function:doc-pol:pol.audit
      translations:
        fr:
          name: "G\xE9n\xE9ralit\xE9s"
          description: "Effectuer des audits internes \xE0 des intervalles planifi\xE9\
            s pour garantir que le SMSI est conforme aux exigences de l\u2019ISO/CEI\
            \ 27001 et qu\u2019il est efficacement mis en \u0153uvre et maintenu."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:9.2.2
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:9.2
      ref_id: 9.2.2
      name: Internal audit programme
      description: Plan and perform internal audits, including defining criteria,
        scope, methods, and responsibilities, and report the results to relevant management.
      implementation_groups:
      - Clauses
      reference_controls:
      - urn:intuitem:risk:function:doc-pol:doc.audit_plan
      translations:
        fr:
          name: Programme d'audit interne
          description: "Planifier et r\xE9aliser des audits internes, y compris la\
            \ d\xE9finition des crit\xE8res, du p\xE9rim\xE8tre, des m\xE9thodes et\
            \ des responsabilit\xE9s, et rapporter les r\xE9sultats \xE0 la direction\
            \ concern\xE9e."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:9.3
      assessable: false
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:9
      ref_id: '9.3'
      name: Management review
      implementation_groups:
      - Clauses
      translations:
        fr:
          name: Revue de la direction
          description: null
    - urn: urn:intuitem:risk:req_node:iso27001-2022:9.3.1
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:9.3
      ref_id: 9.3.1
      name: General
      description: Review the ISMS periodically to ensure its suitability, adequacy,
        and effectiveness in achieving organizational objectives.
      implementation_groups:
      - Clauses
      reference_controls:
      - urn:intuitem:risk:function:doc-pol:pol.main
      translations:
        fr:
          name: "G\xE9n\xE9ralit\xE9s"
          description: "Examiner le SMSI p\xE9riodiquement pour s\u2019assurer de\
            \ son ad\xE9quation, de son efficacit\xE9 et de sa capacit\xE9 \xE0 atteindre\
            \ les objectifs organisationnels."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:9.3.2
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:9.3
      ref_id: 9.3.2
      name: Management review inputs
      description: Include inputs such as audit results, ISMS performance, risk status,
        improvement opportunities, and required changes in the management review.
      implementation_groups:
      - Clauses
      reference_controls:
      - urn:intuitem:risk:function:doc-pol:doc.mgmt_review
      translations:
        fr:
          name: "El\xE9ments d'entr\xE9e de la revue de direction"
          description: "Inclure des \xE9l\xE9ments tels que les r\xE9sultats d\u2019\
            audits, la performance du SMSI, l\u2019\xE9tat des risques, les opportunit\xE9\
            s d\u2019am\xE9lioration et les changements n\xE9cessaires dans la revue\
            \ de direction."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:9.3.3
      assessable: true
      depth: 4
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:9.3
      ref_id: 9.3.3
      name: Management review results
      description: Document the results of the management reviews, including decisions
        on improvements, ISMS changes, and resource requirements.
      implementation_groups:
      - Clauses
      reference_controls:
      - urn:intuitem:risk:function:doc-pol:doc.mgmt_review
      translations:
        fr:
          name: "R\xE9sultats des revues de direction"
          description: "Documenter les r\xE9sultats des revues de direction, y compris\
            \ les d\xE9cisions sur les am\xE9liorations, les modifications du SMSI\
            \ et les besoins en ressources."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:10
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:core
      ref_id: '10'
      name: Improvement
      implementation_groups:
      - Clauses
      translations:
        fr:
          name: "Am\xE9lioration"
          description: null
    - urn: urn:intuitem:risk:req_node:iso27001-2022:10.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:10
      ref_id: '10.1'
      name: "Continual improvement\_"
      description: Identify and act on opportunities for continual improvement to
        enhance the ISMS's effectiveness and alignment with organizational goals.
      implementation_groups:
      - Clauses
      reference_controls:
      - urn:intuitem:risk:function:doc-pol:pol.main
      translations:
        fr:
          name: "Am\xE9lioration continue\_"
          description: "Identifier et agir sur les opportunit\xE9s d\u2019am\xE9lioration\
            \ continue pour renforcer l\u2019efficacit\xE9 du SMSI et son alignement\
            \ avec les objectifs organisationnels."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:10.2
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:10
      ref_id: '10.2'
      name: Nonconformity and corrective action
      description: Address nonconformities by taking corrective actions, identifying
        root causes, and implementing measures to prevent recurrence while documenting
        the process.
      implementation_groups:
      - Clauses
      reference_controls:
      - urn:intuitem:risk:function:doc-pol:pol.main
      - urn:intuitem:risk:function:doc-pol:pol.incident
      - urn:intuitem:risk:function:doc-pol:doc.nc_log
      - urn:intuitem:risk:function:doc-pol:doc.proc_register
      - urn:intuitem:risk:function:doc-pol:doc.raci
      - urn:intuitem:risk:function:doc-pol:doc.mgmt_review
      translations:
        fr:
          name: "Non-conformit\xE9 et action corrective"
          description: "Traiter les non-conformit\xE9s en prenant des actions correctives,\
            \ en identifiant les causes profondes et en mettant en \u0153uvre des\
            \ mesures pour \xE9viter leur r\xE9currence, tout en documentant le processus."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:annex-a
      assessable: false
      depth: 1
      ref_id: annex-a
      name: Statement of Applicability
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "D\xE9claration d'applicabilit\xE9"
          description: null
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:annex-a
      ref_id: A.5
      name: Organisational controls
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "Mesure de s\xE9curit\xE9 organisationnelles"
          description: null
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5
      ref_id: A.5.1
      name: Policies for information security
      description: This control establishes and maintains information security policies
        aligned with organizational objectives. Measures include defining scope, setting
        goals, and ensuring alignment with compliance requirements.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "Politiques de s\xE9curit\xE9 de l'information"
          description: "Cette mesure de s\xE9curit\xE9 \xE9tablit et maintient des\
            \ politiques de s\xE9curit\xE9 de l'information align\xE9es sur les objectifs\
            \ organisationnels. Les mesures incluent la d\xE9finition de la port\xE9\
            e, la fixation des objectifs et l'alignement avec les exigences de conformit\xE9\
            ."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.2
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5
      ref_id: A.5.2
      name: Information security roles and responsibilities
      description: This control defines and assigns roles and responsibilities for
        information security to ensure accountability. Measures include clear documentation
        of responsibilities, periodic reviews, and enforcement mechanisms.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "Fonctions et responsabilit\xE9s li\xE9es \xE0 la s\xE9curit\xE9 de\
            \ l'information"
          description: "Cette mesure de s\xE9curit\xE9 d\xE9finit et attribue des\
            \ r\xF4les et responsabilit\xE9s en mati\xE8re de s\xE9curit\xE9 de l'information\
            \ pour garantir la responsabilit\xE9. Les mesures incluent une documentation\
            \ claire des responsabilit\xE9s, des revues p\xE9riodiques et des m\xE9\
            canismes d'application."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.3
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5
      ref_id: A.5.3
      name: Segregation of duties
      description: This control ensures segregation of duties to reduce the risk of
        errors, fraud, and unauthorized access. Measures include role separation,
        access restrictions, and regular audits.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "S\xE9paration des t\xE2ches"
          description: "Cette mesure de s\xE9curit\xE9 garantit la s\xE9paration des\
            \ t\xE2ches pour r\xE9duire le risque d'erreurs, de fraude et d'acc\xE8\
            s non autoris\xE9. Les mesures incluent la s\xE9paration des r\xF4les,\
            \ des restrictions d'acc\xE8s et des audits r\xE9guliers."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.4
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5
      ref_id: A.5.4
      name: Management responsibilities
      description: This control ensures management responsibilities for information
        security are clearly defined and implemented. Measures include setting objectives,
        allocating resources, and overseeing compliance.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "Responsabilit\xE9s de la direction"
          description: "Cette mesure de s\xE9curit\xE9 garantit que les responsabilit\xE9\
            s de gestion en mati\xE8re de s\xE9curit\xE9 de l'information sont clairement\
            \ d\xE9finies et mises en \u0153uvre. Les mesures incluent la fixation\
            \ d'objectifs, l'allocation de ressources et la supervision de la conformit\xE9\
            ."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.5
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5
      ref_id: A.5.5
      name: Contact with authorities
      description: This control ensures timely communication with relevant authorities
        during information security incidents. Measures include establishing contact
        protocols, maintaining updated contact lists, and assigning responsibilities.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "Contact avec les autorit\xE9s"
          description: "Cette mesure de s\xE9curit\xE9 garantit une communication\
            \ rapide avec les autorit\xE9s comp\xE9tentes en cas d'incidents de s\xE9\
            curit\xE9 de l'information. Les mesures incluent des protocoles de contact,\
            \ des listes de contacts \xE0 jour et l'attribution de responsabilit\xE9\
            s."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.6
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5
      ref_id: A.5.6
      name: Contact with special interest groups
      description: This control facilitates contact with special interest groups to
        stay informed about security trends and practices. Measures include participation
        in forums, memberships, and collaborative initiatives.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "Contact avec des groupes d'int\xE9r\xEAt sp\xE9cifiques"
          description: "Cette mesure de s\xE9curit\xE9 facilite le contact avec des\
            \ groupes d'int\xE9r\xEAt pour rester inform\xE9 des tendances et pratiques\
            \ en mati\xE8re de s\xE9curit\xE9. Les mesures incluent la participation\
            \ \xE0 des forums, des adh\xE9sions et des initiatives collaboratives."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.7
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5
      ref_id: A.5.7
      name: Threat intelligence
      description: This control ensures threat intelligence is developed and maintained
        to identify and mitigate security risks. Measures include monitoring threat
        feeds, analyzing trends, and sharing actionable insights.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: Renseignements sur les menaces
          description: "Cette mesure de s\xE9curit\xE9 garantit que des renseignements\
            \ sur les menaces sont d\xE9velopp\xE9s et maintenus pour identifier et\
            \ att\xE9nuer les risques de s\xE9curit\xE9. Les mesures incluent le suivi\
            \ des flux de menaces, l'analyse des tendances et le partage d'informations\
            \ exploitables."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.8
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5
      ref_id: A.5.8
      name: Information security in project management
      description: This control incorporates information security into project management
        practices. Measures include risk assessments, compliance reviews, and security
        checkpoints during project lifecycles.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "S\xE9curit\xE9 de l'information dans la gestion de projet"
          description: "Cette mesure de s\xE9curit\xE9 int\xE8gre la s\xE9curit\xE9\
            \ de l'information dans les pratiques de gestion de projet. Les mesures\
            \ incluent les \xE9valuations des risques, les revues de conformit\xE9\
            \ et les points de contr\xF4le de s\xE9curit\xE9 tout au long du cycle\
            \ de vie du projet."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.9
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5
      ref_id: A.5.9
      name: Inventory of information and other associated assets
      description: This control ensures an accurate inventory of information and associated
        assets is maintained. Measures include asset tracking, periodic audits, and
        classification by sensitivity.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "Inventaire des informations et autres actifs associ\xE9s"
          description: "Cette mesure de s\xE9curit\xE9 garantit qu\u2019un inventaire\
            \ pr\xE9cis des informations et des actifs associ\xE9s est maintenu. Les\
            \ mesures incluent le suivi des actifs, des audits p\xE9riodiques et une\
            \ classification par sensibilit\xE9."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.10
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5
      ref_id: A.5.10
      name: Acceptable use of information and other associated assets
      description: This control defines acceptable use of information and associated
        assets to ensure proper handling. Measures include documented policies, user
        training, and enforcement mechanisms.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "Utilisation correcte des informations et autres actifs associ\xE9\
            s"
          description: "Cette mesure de s\xE9curit\xE9 d\xE9finit les r\xE8gles d'utilisation\
            \ acceptable des informations et des actifs associ\xE9s pour assurer une\
            \ manipulation appropri\xE9e. Les mesures incluent des politiques document\xE9\
            es, la formation des utilisateurs et des m\xE9canismes d'application."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.11
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5
      ref_id: A.5.11
      name: Return of assets
      description: This control ensures the secure return of assets when employees
        or contractors leave or change roles. Measures include checklists, asset tracking,
        and decommissioning protocols.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: Restitution des actifs
          description: "Cette mesure de s\xE9curit\xE9 garantit le retour s\xE9curis\xE9\
            \ des actifs lorsque des employ\xE9s ou des sous-traitants quittent ou\
            \ changent de r\xF4le. Les mesures incluent des listes de contr\xF4le,\
            \ le suivi des actifs et des protocoles de d\xE9sactivation."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.12
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5
      ref_id: A.5.12
      name: Classification of information
      description: This control ensures information is classified based on its sensitivity
        and value to ensure appropriate protection. Measures include classification
        schemes, access restrictions, and labeling guidelines.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: Classification des informations
          description: "Cette mesure de s\xE9curit\xE9 garantit que les informations\
            \ sont class\xE9es en fonction de leur sensibilit\xE9 et de leur valeur\
            \ pour assurer une protection ad\xE9quate. Les mesures incluent des sch\xE9\
            mas de classification, des restrictions d'acc\xE8s et des directives d'\xE9\
            tiquetage."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.13
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5
      ref_id: A.5.13
      name: Labelling of information
      description: This control ensures consistent labeling of information to reflect
        its classification and handling requirements. Measures include standardized
        templates, training, and audits.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: Marquage des informations
          description: "Cette mesure de s\xE9curit\xE9 garantit un \xE9tiquetage coh\xE9\
            rent des informations pour refl\xE9ter leur classification et leurs exigences\
            \ de traitement. Les mesures incluent des mod\xE8les standardis\xE9s,\
            \ des formations et des audits."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.14
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5
      ref_id: A.5.14
      name: Information transfer
      description: This control establishes secure processes for transferring information
        between systems or organizations. Measures include encryption, access controls,
        and secure transfer protocols.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: Transfert des informations
          description: "Cette mesure de s\xE9curit\xE9 \xE9tablit des processus s\xE9\
            curis\xE9s pour le transfert d'informations entre syst\xE8mes ou organisations.\
            \ Les mesures incluent le chiffrement, les contr\xF4les d'acc\xE8s et\
            \ les protocoles de transfert s\xE9curis\xE9s."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.15
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5
      ref_id: A.5.15
      name: Access control
      description: This control implements and maintains access control mechanisms
        to restrict access to authorized individuals. Measures include role-based
        access, multi-factor authentication, and periodic reviews.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "Contr\xF4le d'acc\xE8s"
          description: "Cette mesure de s\xE9curit\xE9 met en \u0153uvre et maintient\
            \ des m\xE9canismes de contr\xF4le d'acc\xE8s pour limiter l'acc\xE8s\
            \ aux individus autoris\xE9s. Les mesures incluent des contr\xF4les bas\xE9\
            s sur les r\xF4les, l'authentification multifacteur et des revues p\xE9\
            riodiques."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.16
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5
      ref_id: A.5.16
      name: Identity management
      description: This control ensures identities are managed securely to guarantee
        accurate and reliable access to systems. Measures include identity verification,
        lifecycle management, and access provisioning.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "Gestion des identit\xE9s"
          description: "Cette mesure de s\xE9curit\xE9 garantit que les identit\xE9\
            s sont g\xE9r\xE9es de mani\xE8re s\xE9curis\xE9e pour garantir un acc\xE8\
            s pr\xE9cis et fiable aux syst\xE8mes. Les mesures incluent la v\xE9rification\
            \ d'identit\xE9, la gestion du cycle de vie et l'approvisionnement des\
            \ acc\xE8s."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.17
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5
      ref_id: A.5.17
      name: Authentication information
      description: This control protects authentication information, such as passwords,
        to prevent unauthorized access. Measures include encryption, secure storage,
        and periodic password updates.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: Informations d'authentification
          description: "Cette mesure de s\xE9curit\xE9 prot\xE8ge les informations\
            \ d'authentification, telles que les mots de passe, pour emp\xEAcher tout\
            \ acc\xE8s non autoris\xE9. Les mesures incluent le chiffrement, le stockage\
            \ s\xE9curis\xE9 et les mises \xE0 jour p\xE9riodiques des mots de passe."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.18
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5
      ref_id: A.5.18
      name: Access rights
      description: This control ensures access rights are regularly reviewed and managed
        to align with roles and responsibilities. Measures include periodic audits,
        access revocation, and automated access management.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "Droits d'acc\xE8s"
          description: "Cette mesure de s\xE9curit\xE9 garantit que les droits d'acc\xE8\
            s sont r\xE9guli\xE8rement revus et g\xE9r\xE9s pour s'aligner sur les\
            \ r\xF4les et responsabilit\xE9s. Les mesures incluent des audits p\xE9\
            riodiques, la r\xE9vocation des acc\xE8s et la gestion automatis\xE9e\
            \ des acc\xE8s."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.19
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5
      ref_id: A.5.19
      name: Information security in supplier relationships
      description: This control ensures information security is embedded in supplier
        relationships and processes. Measures include due diligence, security reviews,
        and ongoing monitoring.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "S\xE9curit\xE9 de l'information dans les relations avec les fournisseurs"
          description: "Cette mesure de s\xE9curit\xE9 garantit que la s\xE9curit\xE9\
            \ de l'information est int\xE9gr\xE9e dans les relations et processus\
            \ avec les fournisseurs. Les mesures incluent la diligence raisonnable,\
            \ les revues de s\xE9curit\xE9 et la surveillance continue."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.20
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5
      ref_id: A.5.20
      name: Addressing information security within supplier agreements
      description: This control addresses information security requirements within
        supplier agreements. Measures include explicit contract clauses, compliance
        audits, and defined penalties for violations.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "La s\xE9curit\xE9 de l'information dans les accords conclus avec\
            \ les fournisseurs"
          description: "Cette mesure de s\xE9curit\xE9 aborde les exigences de s\xE9\
            curit\xE9 de l'information dans les accords avec les fournisseurs. Les\
            \ mesures incluent des clauses contractuelles explicites, des audits de\
            \ conformit\xE9 et des p\xE9nalit\xE9s d\xE9finies pour les violations."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.21
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5
      ref_id: A.5.21
      name: Managing information security in the ICT supply chain
      description: This control manages information security risks in the ICT supply
        chain to ensure security of services and components. Measures include risk
        assessments, supplier evaluations, and incident response protocols.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "Gestion de la s\xE9curit\xE9 de l'information dans la cha\xEEne d'approvisionnement\
            \ des technologies de l'information et de la communication (TIC)"
          description: "Cette mesure de s\xE9curit\xE9 g\xE8re les risques de s\xE9\
            curit\xE9 de l'information dans la cha\xEEne d'approvisionnement TIC pour\
            \ garantir la s\xE9curit\xE9 des services et des composants. Les mesures\
            \ incluent des \xE9valuations des risques, des \xE9valuations des fournisseurs\
            \ et des protocoles de r\xE9ponse aux incidents."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.22
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5
      ref_id: A.5.22
      name: Monitor, review and change management of supplier services
      description: This control ensures supplier services are monitored, reviewed,
        and adjusted to maintain information security. Measures include service level
        agreements, periodic reviews, and contract updates.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "Surveillance, r\xE9vision et gestion des changements des services\
            \ fournisseurs"
          description: "Cette mesure de s\xE9curit\xE9 garantit que les services des\
            \ fournisseurs sont surveill\xE9s, revus et ajust\xE9s pour maintenir\
            \ la s\xE9curit\xE9 de l'information. Les mesures incluent des accords\
            \ de niveau de service, des revues p\xE9riodiques et des mises \xE0 jour\
            \ contractuelles."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.23
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5
      ref_id: A.5.23
      name: Information security for use of cloud services
      description: This control ensures the secure use of cloud services by addressing
        associated risks. Measures include data encryption, access controls, and provider
        compliance reviews.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "S\xE9curit\xE9 de l'information dans l'utilisation de services en\
            \ nuage"
          description: "Cette mesure de s\xE9curit\xE9 garantit l'utilisation s\xE9\
            curis\xE9e des services cloud en abordant les risques associ\xE9s. Les\
            \ mesures incluent le chiffrement des donn\xE9es, les contr\xF4les d'acc\xE8\
            s et les revues de conformit\xE9 des fournisseurs."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.24
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5
      ref_id: A.5.24
      name: Information security incident management planning and preparation
      description: This control ensures proper planning and preparation for managing
        information security incidents. Measures include incident response plans,
        training exercises, and communication protocols.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "Planification et pr\xE9paration de la gestion des incidents de s\xE9\
            curit\xE9 de l'information"
          description: "Cette mesure de s\xE9curit\xE9 garantit une planification\
            \ et une pr\xE9paration ad\xE9quates pour la gestion des incidents de\
            \ s\xE9curit\xE9 de l'information. Les mesures incluent des plans de r\xE9\
            ponse aux incidents, des exercices de formation et des protocoles de communication."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.25
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5
      ref_id: A.5.25
      name: Assessment and decision on information security events
      description: This control establishes processes for assessing and deciding on
        actions related to information security events. Measures include root cause
        analysis, risk evaluation, and mitigation plans.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "\xC9valuation des \xE9v\xE9nements de s\xE9curit\xE9 de l'information\
            \ et prise de d\xE9cision"
          description: "Cette mesure de s\xE9curit\xE9 \xE9tablit des processus pour\
            \ \xE9valuer et d\xE9cider des actions li\xE9es aux \xE9v\xE9nements de\
            \ s\xE9curit\xE9 de l'information. Les mesures incluent l'analyse des\
            \ causes profondes, l'\xE9valuation des risques et des plans d'att\xE9\
            nuation."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.26
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5
      ref_id: A.5.26
      name: Response to information security incidents
      description: This control ensures effective response to information security
        incidents to minimize impact and recover quickly. Measures include incident
        reporting, escalation protocols, and containment strategies.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "R\xE9ponse aux incidents de s\xE9curit\xE9 de l'information"
          description: "Cette mesure de s\xE9curit\xE9 garantit une r\xE9ponse efficace\
            \ aux incidents de s\xE9curit\xE9 de l'information pour minimiser l'impact\
            \ et r\xE9cup\xE9rer rapidement. Les mesures incluent le signalement des\
            \ incidents, des protocoles d'escalade et des strat\xE9gies de confinement."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.27
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5
      ref_id: A.5.27
      name: Learning from information security incidents
      description: This control ensures lessons learned from information security
        incidents are documented and implemented to improve processes. Measures include
        post-incident reviews, action plans, and policy updates.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "Tirer des enseignements des incidents de s\xE9curit\xE9 de l'information"
          description: "Cette mesure de s\xE9curit\xE9 garantit que les le\xE7ons\
            \ tir\xE9es des incidents de s\xE9curit\xE9 de l'information sont document\xE9\
            es et mises en \u0153uvre pour am\xE9liorer les processus. Les mesures\
            \ incluent des revues post-incidents, des plans d'action et des mises\
            \ \xE0 jour des politiques."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.28
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5
      ref_id: A.5.28
      name: Collection of evidence
      description: This control ensures evidence is collected and preserved during
        security incidents to support investigations. Measures include chain-of-custody
        procedures, secure storage, and access controls.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: Collecte de preuves
          description: "Cette mesure de s\xE9curit\xE9 garantit que les preuves sont\
            \ collect\xE9es et conserv\xE9es lors des incidents de s\xE9curit\xE9\
            \ pour soutenir les enqu\xEAtes. Les mesures incluent des proc\xE9dures\
            \ de cha\xEEne de conservation, le stockage s\xE9curis\xE9 et les contr\xF4\
            les d'acc\xE8s."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.29
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5
      ref_id: A.5.29
      name: Information security during disruption
      description: This control ensures information security is maintained during
        disruptions to guarantee continuity of operations. Measures include contingency
        plans, backup systems, and failover mechanisms.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "S\xE9curit\xE9 de l'information pendant une perturbation"
          description: "Cette mesure de s\xE9curit\xE9 garantit que la s\xE9curit\xE9\
            \ de l'information est maintenue pendant les perturbations pour assurer\
            \ la continuit\xE9 des op\xE9rations. Les mesures incluent des plans de\
            \ contingence, des syst\xE8mes de sauvegarde et des m\xE9canismes de basculement."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.30
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5
      ref_id: A.5.30
      name: ICT readiness for business continuity
      description: This control ensures ICT readiness for business continuity to minimize
        downtime during disruptions. Measures include testing recovery plans, redundant
        systems, and disaster recovery sites.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "Pr\xE9paration des TIC la continuit\xE9 d'activit\xE9"
          description: "Cette mesure de s\xE9curit\xE9 garantit la pr\xE9paration\
            \ TIC pour la continuit\xE9 des activit\xE9s afin de minimiser les temps\
            \ d'arr\xEAt pendant les perturbations. Les mesures incluent des tests\
            \ de plans de reprise, des syst\xE8mes redondants et des sites de reprise\
            \ apr\xE8s sinistre."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.31
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5
      ref_id: A.5.31
      name: Legal, statutory, regulatory and contractual requirements
      description: This control ensures compliance with legal, statutory, regulatory,
        and contractual information security requirements. Measures include policy
        reviews, audits, and evidence documentation.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "Exigences l\xE9gales, statutaires, r\xE9glementaires et contractuelles"
          description: "Cette mesure de s\xE9curit\xE9 garantit la conformit\xE9 aux\
            \ exigences l\xE9gales, r\xE9glementaires et contractuelles en mati\xE8\
            re de s\xE9curit\xE9 de l'information. Les mesures incluent des revues\
            \ de politiques, des audits et la documentation des preuves."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.32
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5
      ref_id: A.5.32
      name: ' Intellectual property rights'
      description: This control ensures intellectual property rights are protected
        through appropriate information security measures. Measures include access
        restrictions, encryption, and legal agreements.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: " Droits de propri\xE9t\xE9 intellectuelle"
          description: "Cette mesure de s\xE9curit\xE9 garantit la protection des\
            \ droits de propri\xE9t\xE9 intellectuelle par des mesures de s\xE9curit\xE9\
            \ de l'information appropri\xE9es. Les mesures incluent des restrictions\
            \ d'acc\xE8s, le chiffrement et des accords l\xE9gaux."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.33
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5
      ref_id: A.5.33
      name: Protection of records
      description: This control ensures records are securely stored and protected
        to prevent loss or unauthorized access. Measures include retention policies,
        secure storage, and access controls.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: Protection des enregistrements
          description: "Cette mesure de s\xE9curit\xE9 garantit que les enregistrements\
            \ sont stock\xE9s et prot\xE9g\xE9s de mani\xE8re s\xE9curis\xE9e pour\
            \ pr\xE9venir toute perte ou acc\xE8s non autoris\xE9. Les mesures incluent\
            \ des politiques de r\xE9tention, un stockage s\xE9curis\xE9 et des contr\xF4\
            les d'acc\xE8s."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.34
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5
      ref_id: A.5.34
      name: Privacy and protection of PII
      description: This control protects privacy and ensures the secure handling of
        personally identifiable information (PII). Measures include anonymization,
        encryption, and compliance with privacy laws.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "Protection de la vie priv\xE9e et des donn\xE9es \xE0 caract\xE8\
            re personnel (DCP)"
          description: "Cette mesure de s\xE9curit\xE9 prot\xE8ge la confidentialit\xE9\
            \ et garantit le traitement s\xE9curis\xE9 des informations personnellement\
            \ identifiables (PII). Les mesures incluent l'anonymisation, le chiffrement\
            \ et la conformit\xE9 aux lois sur la confidentialit\xE9."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.35
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5
      ref_id: A.5.35
      name: Independent review of information security
      description: This control ensures independent reviews of information security
        to evaluate effectiveness and compliance. Measures include external audits,
        risk assessments, and follow-up actions.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "R\xE9vision ind\xE9pendante de la s\xE9curit\xE9 de l'information"
          description: "Cette mesure de s\xE9curit\xE9 garantit des revues ind\xE9\
            pendantes de la s\xE9curit\xE9 de l'information pour \xE9valuer l'efficacit\xE9\
            \ et la conformit\xE9. Les mesures incluent des audits externes, des \xE9\
            valuations des risques et des actions de suivi."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.36
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5
      ref_id: A.5.36
      name: Compliance with policies, rules and standards for information security
      description: This control ensures compliance with all policies, rules, and standards
        for information security. Measures include regular training, policy reviews,
        and enforcement mechanisms.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "Conformit\xE9 aux politiques, r\xE8gles et normes de s\xE9curit\xE9\
            \ de l'information"
          description: "Cette mesure de s\xE9curit\xE9 garantit la conformit\xE9 \xE0\
            \ toutes les politiques, r\xE8gles et normes en mati\xE8re de s\xE9curit\xE9\
            \ de l'information. Les mesures incluent des formations r\xE9guli\xE8\
            res, des revues de politiques et des m\xE9canismes d'application."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.37
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5
      ref_id: A.5.37
      name: Documented operating procedures
      description: This control develops and maintains documented operating procedures
        to ensure consistency in security practices. Measures include process documentation,
        version control, and accessibility.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "Proc\xE9dures d'exploitation document\xE9es"
          description: "Cette mesure de s\xE9curit\xE9 d\xE9veloppe et maintient des\
            \ proc\xE9dures op\xE9rationnelles document\xE9es pour garantir la coh\xE9\
            rence des pratiques de s\xE9curit\xE9. Les mesures incluent la documentation\
            \ des processus, le contr\xF4le des versions et l'accessibilit\xE9."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.6
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:annex-a
      ref_id: A.6
      name: People controls
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "Mesures de s\xE9curit\xE9 applicables aux personnes"
          description: null
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.6.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.6
      ref_id: A.6.1
      name: Screening
      description: This control ensures the implementation of screening processes
        to verify the suitability of candidates before employment. Measures include
        background checks, identity verification, and assessment of qualifications
        to reduce security risks.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "S\xE9lection des candidats"
          description: "Cette mesure de s\xE9curit\xE9 garantit la mise en \u0153\
            uvre de processus de v\xE9rification pour \xE9valuer l'ad\xE9quation des\
            \ candidats avant leur embauche. Les mesures incluent des v\xE9rifications\
            \ des ant\xE9c\xE9dents, la v\xE9rification d'identit\xE9 et l'\xE9valuation\
            \ des qualifications pour r\xE9duire les risques de s\xE9curit\xE9."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.6.2
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.6
      ref_id: A.6.2
      name: Terms and conditions of employment
      description: This control ensures that terms and conditions of employment include
        information security responsibilities. Measures include explicit clauses about
        confidentiality, compliance with policies, and consequences for breaches.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: Termes et conditions du contrat de travail
          description: "Cette mesure de s\xE9curit\xE9 garantit que les termes et\
            \ conditions d'emploi incluent des responsabilit\xE9s en mati\xE8re de\
            \ s\xE9curit\xE9 de l'information. Les mesures incluent des clauses explicites\
            \ sur la confidentialit\xE9, le respect des politiques et les cons\xE9\
            quences des violations."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.6.3
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.6
      ref_id: A.6.3
      name: Information security awareness, education and training
      description: This control ensures that employees receive regular information
        security awareness, education, and training. Measures include scheduled training
        sessions, e-learning programs, and simulated phishing exercises.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "Sensibilisation, enseignement et formation en s\xE9curit\xE9 de l'information"
          description: "Cette mesure de s\xE9curit\xE9 garantit que les employ\xE9\
            s re\xE7oivent une sensibilisation, une \xE9ducation et une formation\
            \ r\xE9guli\xE8res en mati\xE8re de s\xE9curit\xE9 de l'information. Les\
            \ mesures incluent des sessions de formation planifi\xE9es, des programmes\
            \ d'apprentissage en ligne et des exercices de phishing simul\xE9s."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.6.4
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.6
      ref_id: A.6.4
      name: Disciplinary process
      description: This control establishes a disciplinary process to address breaches
        of information security policies. Measures include clear guidelines, escalation
        procedures, and consistent enforcement to maintain accountability.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "Proc\xE9dure disciplinaire"
          description: "Cette mesure de s\xE9curit\xE9 \xE9tablit un processus disciplinaire\
            \ pour traiter les violations des politiques de s\xE9curit\xE9 de l'information.\
            \ Les mesures incluent des lignes directrices claires, des proc\xE9dures\
            \ d'escalade et une application coh\xE9rente pour maintenir la responsabilit\xE9\
            ."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.6.5
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.6
      ref_id: A.6.5
      name: Responsibilities after termination or change of employment
      description: This control ensures that responsibilities related to information
        security are defined and enforced after termination or role changes. Measures
        include revoking access rights, collecting organizational assets, and conducting
        exit interviews.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "Responsabilit\xE9s apr\xE8s la fin ou le changement d'emploi"
          description: "Cette mesure de s\xE9curit\xE9 garantit que les responsabilit\xE9\
            s li\xE9es \xE0 la s\xE9curit\xE9 de l'information sont d\xE9finies et\
            \ appliqu\xE9es apr\xE8s la fin d\u2019un contrat ou un changement de\
            \ r\xF4le. Les mesures incluent la r\xE9vocation des droits d'acc\xE8\
            s, la r\xE9cup\xE9ration des actifs de l'organisation et la r\xE9alisation\
            \ d'entretiens de sortie."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.6.6
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.6
      ref_id: A.6.6
      name: Confidentiality or non-disclosure agreements
      description: This control implements confidentiality or non-disclosure agreements
        to protect sensitive information. Measures include signed agreements at the
        start of employment, periodic reminders, and enforcement of legal actions
        in case of violations.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "Accords de confidentialit\xE9 ou de non-divulgation"
          description: "Cette mesure de s\xE9curit\xE9 met en \u0153uvre des accords\
            \ de confidentialit\xE9 ou de non-divulgation pour prot\xE9ger les informations\
            \ sensibles. Les mesures incluent des accords sign\xE9s au d\xE9but de\
            \ l'emploi, des rappels p\xE9riodiques et l'application d'actions l\xE9\
            gales en cas de violations."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.6.7
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.6
      ref_id: A.6.7
      name: Remote working
      description: This control ensures the secure management of information security
        risks during remote working. Measures include secure access to corporate systems,
        mandatory use of VPNs, and policies for handling sensitive data remotely.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "Travail \xE0 distance"
          description: "Cette mesure de s\xE9curit\xE9 garantit la gestion s\xE9curis\xE9\
            e des risques li\xE9s \xE0 la s\xE9curit\xE9 de l'information pendant\
            \ le t\xE9l\xE9travail. Les mesures incluent un acc\xE8s s\xE9curis\xE9\
            \ aux syst\xE8mes de l'entreprise, l'utilisation obligatoire de VPN et\
            \ des politiques pour la gestion des donn\xE9es sensibles \xE0 distance."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.6.8
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.6
      ref_id: A.6.8
      name: Information security event reporting
      description: This control ensures employees can promptly report information
        security events. Measures include incident reporting channels, awareness campaigns,
        and follow-up procedures to investigate and address reported events.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "D\xE9claration des \xE9v\xE9nements de s\xE9curit\xE9 de l'information"
          description: "Cette mesure de s\xE9curit\xE9 garantit que les employ\xE9\
            s peuvent signaler rapidement les \xE9v\xE9nements de s\xE9curit\xE9 de\
            \ l'information. Les mesures incluent des canaux de signalement d'incidents,\
            \ des campagnes de sensibilisation et des proc\xE9dures de suivi pour\
            \ enqu\xEAter et traiter les \xE9v\xE9nements signal\xE9s."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.7
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:annex-a
      ref_id: A.7
      name: Physical controls
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "Mesures de s\xE9curit\xE9 physique"
          description: null
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7
      ref_id: A.7.1
      name: Physical security perimeters
      description: This control establishes physical security perimeters to protect
        critical areas from unauthorized access. Measures include barriers, access
        controls, and monitoring systems to ensure only authorized individuals can
        enter.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "P\xE9rim\xE8tres de s\xE9curit\xE9 physique"
          description: "Cette mesure de s\xE9curit\xE9 \xE9tablit des p\xE9rim\xE8\
            tres de s\xE9curit\xE9 physique pour prot\xE9ger les zones critiques contre\
            \ les acc\xE8s non autoris\xE9s. Les mesures incluent des barri\xE8res,\
            \ des contr\xF4les d'acc\xE8s et des syst\xE8mes de surveillance pour\
            \ garantir que seules les personnes autoris\xE9es peuvent entrer."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.2
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7
      ref_id: A.7.2
      name: Physical entry
      description: This control ensures physical entry points are controlled and monitored
        to prevent unauthorized access. Measures include badge systems, security personnel,
        and visitor logs.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "Les entr\xE9es physiques"
          description: "Cette mesure de s\xE9curit\xE9 garantit que les points d'entr\xE9\
            e physiques sont contr\xF4l\xE9s et surveill\xE9s pour emp\xEAcher les\
            \ acc\xE8s non autoris\xE9s. Les mesures incluent des syst\xE8mes de badges,\
            \ du personnel de s\xE9curit\xE9 et des registres des visiteurs."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.3
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7
      ref_id: A.7.3
      name: Securing offices, rooms and facilities
      description: This control ensures that offices, rooms, and facilities are secured
        to protect information and resources. Measures include locked doors, restricted
        areas, and surveillance systems.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "S\xE9curisation des bureaux, des salles et des installations"
          description: "Cette mesure de s\xE9curit\xE9 garantit que les bureaux, les\
            \ pi\xE8ces et les installations sont s\xE9curis\xE9s pour prot\xE9ger\
            \ les informations et les ressources. Les mesures incluent des portes\
            \ verrouill\xE9es, des zones restreintes et des syst\xE8mes de surveillance."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.4
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7
      ref_id: A.7.4
      name: Physical security monitoring
      description: This control implements physical security monitoring to detect
        and respond promptly to threats. Measures include CCTV systems, motion detectors,
        and real-time alerts.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "Surveillance de la s\xE9curit\xE9 physique"
          description: "Cette mesure de s\xE9curit\xE9 met en \u0153uvre une surveillance\
            \ de la s\xE9curit\xE9 physique pour d\xE9tecter et r\xE9pondre rapidement\
            \ aux menaces. Les mesures incluent des syst\xE8mes de vid\xE9osurveillance,\
            \ des d\xE9tecteurs de mouvement et des alertes en temps r\xE9el."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.5
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7
      ref_id: A.7.5
      name: Protecting against physical and environmental threats
      description: This control protects systems and resources from physical and environmental
        threats. Measures include fire suppression systems, temperature controls,
        and flood prevention barriers.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: Protection contre les menaces physiques et environnementales
          description: "Cette mesure de s\xE9curit\xE9 prot\xE8ge les syst\xE8mes\
            \ et les ressources contre les menaces physiques et environnementales.\
            \ Les mesures incluent des syst\xE8mes de suppression d'incendie, des\
            \ contr\xF4les de temp\xE9rature et des barri\xE8res anti-inondation."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.6
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7
      ref_id: A.7.6
      name: Working In secure areas
      description: This control ensures that secure areas are managed to allow authorized
        access only. Measures include access control systems, visitor escorts, and
        activity monitoring.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "Travail dans les zones s\xE9curis\xE9es"
          description: "Cette mesure de s\xE9curit\xE9 garantit que les zones s\xE9\
            curis\xE9es sont g\xE9r\xE9es pour permettre l'acc\xE8s uniquement aux\
            \ personnes autoris\xE9es. Les mesures incluent des syst\xE8mes de contr\xF4\
            le d'acc\xE8s, des escortes pour visiteurs et la surveillance des activit\xE9\
            s."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.7
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7
      ref_id: A.7.7
      name: Clear desk and clear screen
      description: This control ensures sensitive information is not left exposed
        by adopting clear desk and clear screen policies. Measures include locking
        sensitive documents away and auto-locking screens when not in use.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "Bureau propre et \xE9cran vide"
          description: "Cette mesure de s\xE9curit\xE9 garantit que les informations\
            \ sensibles ne sont pas laiss\xE9es expos\xE9es en adoptant des politiques\
            \ de bureau propre et d'\xE9cran clair. Les mesures incluent le verrouillage\
            \ des documents sensibles et le verrouillage automatique des \xE9crans\
            \ en cas d'inutilisation."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.8
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7
      ref_id: A.7.8
      name: Equipment siting and protection
      description: This control ensures that equipment is positioned and protected
        to prevent unauthorized access or damage. Measures include secure mounting,
        locked cabinets, and restricted access areas.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "Emplacement et protection du mat\xE9riel"
          description: "Cette mesure de s\xE9curit\xE9 garantit que les \xE9quipements\
            \ sont positionn\xE9s et prot\xE9g\xE9s pour pr\xE9venir les acc\xE8s\
            \ non autoris\xE9s ou les dommages. Les mesures incluent des montages\
            \ s\xE9curis\xE9s, des armoires verrouill\xE9es et des zones d'acc\xE8\
            s restreintes."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.9
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7
      ref_id: A.7.9
      name: Security of assets off-premises
      description: This control ensures assets used or stored off-premises are secured
        to maintain confidentiality and integrity. Measures include encryption, secure
        transport, and access tracking.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "S\xE9curit\xE9 des actifs hors des locaux"
          description: "Cette mesure de s\xE9curit\xE9 garantit que les actifs utilis\xE9\
            s ou stock\xE9s hors des locaux sont s\xE9curis\xE9s pour maintenir leur\
            \ confidentialit\xE9 et leur int\xE9grit\xE9. Les mesures incluent le\
            \ chiffrement, le transport s\xE9curis\xE9 et le suivi des acc\xE8s."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.10
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7
      ref_id: A.7.10
      name: Storage media
      description: This control safeguards storage media to prevent unauthorized access
        or tampering. Measures include secure storage, encryption, and access restrictions.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: Supports de stockage
          description: "Cette mesure de s\xE9curit\xE9 prot\xE8ge les supports de\
            \ stockage pour emp\xEAcher tout acc\xE8s ou alt\xE9ration non autoris\xE9\
            . Les mesures incluent le stockage s\xE9curis\xE9, le chiffrement et les\
            \ restrictions d'acc\xE8s."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.11
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7
      ref_id: A.7.11
      name: Supporting utilities
      description: This control ensures that supporting utilities, such as power and
        cooling systems, are reliable and protected from disruptions. Measures include
        redundant systems and physical security.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: Services supports
          description: "Cette mesure de s\xE9curit\xE9 garantit que les utilitaires\
            \ de soutien, tels que les syst\xE8mes d'alimentation et de refroidissement,\
            \ sont fiables et prot\xE9g\xE9s contre les perturbations. Les mesures\
            \ incluent des syst\xE8mes redondants et une s\xE9curit\xE9 physique."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.12
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7
      ref_id: A.7.12
      name: Cabling security
      description: This control ensures that cables are secured to prevent unauthorized
        interception or damage. Measures include protective conduits, proper labeling,
        and secure routing.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "S\xE9curit\xE9 du c\xE2blage"
          description: "Cette mesure de s\xE9curit\xE9 garantit que les c\xE2bles\
            \ sont s\xE9curis\xE9s pour pr\xE9venir toute interception ou tout dommage\
            \ non autoris\xE9. Les mesures incluent des conduits de protection, un\
            \ \xE9tiquetage appropri\xE9 et un routage s\xE9curis\xE9."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.13
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7
      ref_id: A.7.13
      name: Equipment maintenance
      description: This control ensures that equipment is maintained to guarantee
        proper functioning and prevent failures. Measures include regular servicing,
        secure maintenance practices, and authorized personnel access.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "Maintenance du mat\xE9riel"
          description: "Cette mesure de s\xE9curit\xE9 garantit que les \xE9quipements\
            \ sont maintenus pour assurer leur bon fonctionnement et pr\xE9venir les\
            \ pannes. Les mesures incluent un entretien r\xE9gulier, des pratiques\
            \ de maintenance s\xE9curis\xE9es et un acc\xE8s r\xE9serv\xE9 au personnel\
            \ autoris\xE9."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.14
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7
      ref_id: A.7.14
      name: Secure disposal or re-use of equipment
      description: This control ensures the secure disposal or reuse of equipment
        to protect sensitive information. Measures include data sanitization, physical
        destruction, and certified disposal processes.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "\xC9limination ou recyclage s\xE9curis\xE9(e) du mat\xE9riel"
          description: "Cette mesure de s\xE9curit\xE9 garantit l'\xE9limination ou\
            \ la r\xE9utilisation s\xE9curis\xE9e des \xE9quipements pour prot\xE9\
            ger les informations sensibles. Les mesures incluent la d\xE9sinfection\
            \ des donn\xE9es, la destruction physique et les processus de mise au\
            \ rebut certifi\xE9s."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8
      assessable: false
      depth: 2
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:annex-a
      ref_id: A.8
      name: Technological controls
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "Mesures de s\xE9curit\xE9 technologiques"
          description: null
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.1
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8
      ref_id: A.8.1
      name: User end point devices
      description: This control ensures the protection of endpoint devices such as
        laptops, desktops, and mobile devices by implementing security measures like
        endpoint detection, encryption, and secure configurations to minimize risks.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: Terminaux finaux des utilisateurs
          description: "Cette mesure de s\xE9curit\xE9 garantit la protection des\
            \ dispositifs de point de terminaison tels que les ordinateurs portables,\
            \ de bureau et les appareils mobiles en mettant en \u0153uvre des mesures\
            \ comme la d\xE9tection des terminaux, le chiffrement et des configurations\
            \ s\xE9curis\xE9es pour minimiser les risques."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.2
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8
      ref_id: A.8.2
      name: Privileged access rights
      description: This control ensures that privileged access rights are granted,
        managed, and monitored carefully to prevent misuse and enhance security. Measures
        include role-based access controls, periodic reviews, and strict account management.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "Droits d'acc\xE8s privil\xE9gi\xE9s"
          description: "Cette mesure de s\xE9curit\xE9 garantit que les droits d'acc\xE8\
            s privil\xE9gi\xE9s sont accord\xE9s, g\xE9r\xE9s et surveill\xE9s avec\
            \ soin pour pr\xE9venir les abus et renforcer la s\xE9curit\xE9. Les mesures\
            \ comprennent des contr\xF4les d'acc\xE8s bas\xE9s sur les r\xF4les, des\
            \ revues p\xE9riodiques et une gestion stricte des comptes."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.3
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8
      ref_id: A.8.3
      name: Information access restriction
      description: This control restricts access to sensitive information based on
        need-to-know principles. Measures include user authentication, role-based
        permissions, and regular access reviews.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "Restriction d'acc\xE8s aux informations"
          description: "Cette mesure de s\xE9curit\xE9 limite l'acc\xE8s aux informations\
            \ sensibles selon le principe du besoin d'en conna\xEEtre. Les mesures\
            \ incluent l'authentification des utilisateurs, les permissions bas\xE9\
            es sur les r\xF4les et des revues r\xE9guli\xE8res des acc\xE8s."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.4
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8
      ref_id: A.8.4
      name: Access to source code
      description: This control secures access to source code by preventing unauthorized
        viewing, modification, or exposure. Measures include version control, secure
        repositories, and restricted developer access.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "Acc\xE8s aux codes source"
          description: "Cette mesure de s\xE9curit\xE9 s\xE9curise l'acc\xE8s au code\
            \ source en emp\xEAchant la visualisation, la modification ou l'exposition\
            \ non autoris\xE9es. Les mesures incluent le contr\xF4le de version, les\
            \ d\xE9p\xF4ts s\xE9curis\xE9s et l'acc\xE8s restreint aux d\xE9veloppeurs."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.5
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8
      ref_id: A.8.5
      name: Secure authentication
      description: This control implements strong authentication mechanisms, such
        as multi-factor authentication, to verify user identities and prevent unauthorized
        access.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "Authentification s\xE9curis\xE9e"
          description: "Cette mesure de s\xE9curit\xE9 met en \u0153uvre des m\xE9\
            canismes d'authentification solides, tels que l'authentification multifacteur,\
            \ pour v\xE9rifier l'identit\xE9 des utilisateurs et emp\xEAcher les acc\xE8\
            s non autoris\xE9s."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.6
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8
      ref_id: A.8.6
      name: Capacity management
      description: This control ensures system capacity is managed to provide adequate
        performance and prevent disruptions. Measures include monitoring resource
        usage and planning for future needs.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: Dimensionnement
          description: "Cette mesure de s\xE9curit\xE9 garantit que la capacit\xE9\
            \ des syst\xE8mes est g\xE9r\xE9e pour assurer des performances ad\xE9\
            quates et \xE9viter les perturbations. Les mesures incluent la surveillance\
            \ de l'utilisation des ressources et la planification des besoins futurs."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.7
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8
      ref_id: A.8.7
      name: Protection against malware
      description: This control deploys measures like antivirus software, threat detection
        tools, and regular updates to protect systems from malware and malicious attacks.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: Protection contre les programmes malveillants (malware)
          description: "Cette mesure de s\xE9curit\xE9 d\xE9ploie des mesures comme\
            \ des logiciels antivirus, des outils de d\xE9tection des menaces et des\
            \ mises \xE0 jour r\xE9guli\xE8res pour prot\xE9ger les syst\xE8mes contre\
            \ les logiciels malveillants et les attaques."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.8
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8
      ref_id: A.8.8
      name: Management of technical vulnerabilities
      description: This control identifies, evaluates, and remediates technical vulnerabilities
        promptly to minimize security risks. Measures include vulnerability scanning
        and patch management.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "Gestion des vuln\xE9rabilit\xE9s techniques"
          description: "Cette mesure de s\xE9curit\xE9 identifie, \xE9value et rem\xE9\
            die rapidement aux vuln\xE9rabilit\xE9s techniques pour minimiser les\
            \ risques de s\xE9curit\xE9. Les mesures incluent les analyses de vuln\xE9\
            rabilit\xE9s et la gestion des correctifs."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.9
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8
      ref_id: A.8.9
      name: Configuration management
      description: This control ensures consistent management of system configurations
        to maintain security settings and prevent unauthorized changes.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: Gestion des configurations
          description: "Cette mesure de s\xE9curit\xE9 garantit une gestion coh\xE9\
            rente des configurations des syst\xE8mes pour maintenir des param\xE8\
            tres s\xE9curis\xE9s et pr\xE9venir les changements non autoris\xE9s."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.10
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8
      ref_id: A.8.10
      name: Information deletion
      description: This control ensures sensitive information is securely deleted
        when no longer required to prevent unauthorized recovery or exposure.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: Suppression des informations
          description: "Cette mesure de s\xE9curit\xE9 garantit que les informations\
            \ sensibles sont supprim\xE9es de mani\xE8re s\xE9curis\xE9e lorsqu'elles\
            \ ne sont plus n\xE9cessaires pour \xE9viter toute r\xE9cup\xE9ration\
            \ ou exposition non autoris\xE9e."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.11
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8
      ref_id: A.8.11
      name: Data masking
      description: This control protects sensitive information during processing or
        display by using data masking techniques to obscure data from unauthorized
        users.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "Masquage des donn\xE9es"
          description: "Cette mesure de s\xE9curit\xE9 prot\xE8ge les informations\
            \ sensibles lors de leur traitement ou affichage en utilisant des techniques\
            \ de masquage des donn\xE9es pour les rendre inaccessibles aux utilisateurs\
            \ non autoris\xE9s."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.12
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8
      ref_id: A.8.12
      name: Data leakage prevention
      description: This control implements mechanisms to prevent the accidental exposure
        of sensitive data through email, removable media, or other channels.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "Pr\xE9vention de la fuite de donn\xE9es"
          description: "Cette mesure de s\xE9curit\xE9 met en \u0153uvre des m\xE9\
            canismes pour emp\xEAcher l'exposition accidentelle des donn\xE9es sensibles\
            \ via des e-mails, des supports amovibles ou d'autres canaux."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.13
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8
      ref_id: A.8.13
      name: Information backup
      description: This control ensures critical information is backed up regularly
        and securely to ensure its availability in case of incidents or disasters.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: Sauvegarde des informations
          description: "Cette mesure de s\xE9curit\xE9 garantit que les informations\
            \ critiques sont sauvegard\xE9es r\xE9guli\xE8rement et en toute s\xE9\
            curit\xE9 pour assurer leur disponibilit\xE9 en cas d'incidents ou de\
            \ catastrophes."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.14
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8
      ref_id: A.8.14
      name: Redundancy of information processing facilities
      description: This control ensures redundancy is built into processing facilities
        to maintain availability and operations during system failures or emergencies.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: Redondance des moyens de traitement de l'information
          description: "Cette mesure de s\xE9curit\xE9 garantit que la redondance\
            \ est int\xE9gr\xE9e dans les installations de traitement pour maintenir\
            \ la disponibilit\xE9 et les op\xE9rations en cas de d\xE9faillances ou\
            \ d'urgences."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.15
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8
      ref_id: A.8.15
      name: Logging
      description: This control enables logging of activities within systems to support
        monitoring, incident detection, and forensic investigations.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: Journalisation
          description: "Cette mesure de s\xE9curit\xE9 permet la journalisation des\
            \ activit\xE9s au sein des syst\xE8mes pour soutenir la surveillance,\
            \ la d\xE9tection des incidents et les enqu\xEAtes m\xE9dico-l\xE9gales."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.16
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8
      ref_id: A.8.16
      name: Monitoring activities
      description: This control ensures the ongoing monitoring of system activities
        to detect, respond to, and mitigate security threats.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "Activit\xE9s de surveillance"
          description: "Cette mesure de s\xE9curit\xE9 garantit la surveillance continue\
            \ des activit\xE9s du syst\xE8me pour d\xE9tecter, r\xE9pondre et att\xE9\
            nuer les menaces \xE0 la s\xE9curit\xE9."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.17
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8
      ref_id: A.8.17
      name: Clock synchronization
      description: This control ensures system clocks are synchronized to maintain
        accurate and consistent timestamps for logs and other critical processes.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: Synchronisation des horloges
          description: "Cette mesure de s\xE9curit\xE9 garantit que les horloges des\
            \ syst\xE8mes sont synchronis\xE9es pour maintenir des horodatages pr\xE9\
            cis et coh\xE9rents pour les journaux et d'autres processus critiques."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.18
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8
      ref_id: A.8.18
      name: Use of privileged utility programs
      description: This control restricts and monitors the use of privileged utility
        programs to prevent misuse and unauthorized actions.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "Utilisation de programmes utilitaires \xE0 privil\xE8ges"
          description: "Cette mesure de s\xE9curit\xE9 restreint et surveille l'utilisation\
            \ des programmes utilitaires privil\xE9gi\xE9s pour pr\xE9venir les abus\
            \ et les actions non autoris\xE9es."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.19
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8
      ref_id: A.8.19
      name: Installation of software on operational systems
      description: This control ensures software installation on operational systems
        is managed securely to prevent vulnerabilities or unauthorized changes.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "Installation de logiciels sur des syst\xE8mes op\xE9rationnels"
          description: "Cette mesure de s\xE9curit\xE9 garantit que l'installation\
            \ de logiciels sur les syst\xE8mes op\xE9rationnels est g\xE9r\xE9e de\
            \ mani\xE8re s\xE9curis\xE9e pour \xE9viter les vuln\xE9rabilit\xE9s ou\
            \ les modifications non autoris\xE9es."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.20
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8
      ref_id: A.8.20
      name: Networks security
      description: This control ensures network security through firewalls, intrusion
        detection systems, and access controls to protect against unauthorized access
        and attacks.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "S\xE9curit\xE9 des r\xE9seaux"
          description: "Cette mesure de s\xE9curit\xE9 garantit la s\xE9curit\xE9\
            \ du r\xE9seau gr\xE2ce \xE0 des pare-feu, des syst\xE8mes de d\xE9tection\
            \ d'intrusion et des contr\xF4les d'acc\xE8s pour prot\xE9ger contre les\
            \ acc\xE8s non autoris\xE9s et les attaques."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.21
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8
      ref_id: A.8.21
      name: Security of network services
      description: This control ensures network services are protected to maintain
        confidentiality, integrity, and availability during use.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "S\xE9curit\xE9 des services r\xE9seau"
          description: "Cette mesure de s\xE9curit\xE9 garantit que les services r\xE9\
            seau sont prot\xE9g\xE9s pour maintenir la confidentialit\xE9, l'int\xE9\
            grit\xE9 et la disponibilit\xE9 pendant leur utilisation."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.22
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8
      ref_id: A.8.22
      name: Segregation of networks
      description: This control implements network segregation to limit the spread
        of threats and minimize the impact of potential breaches.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "Cloisonnement des r\xE9seaux"
          description: "Cette mesure de s\xE9curit\xE9 met en \u0153uvre la segmentation\
            \ des r\xE9seaux pour limiter la propagation des menaces et minimiser\
            \ l'impact des violations potentielles."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.23
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8
      ref_id: A.8.23
      name: 'Web filtering '
      description: This control uses web filtering tools to block unauthorized or
        harmful content from being accessed over the internet.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: 'Filtrage web '
          description: "Cette mesure de s\xE9curit\xE9 utilise des outils de filtrage\
            \ Web pour bloquer le contenu non autoris\xE9 ou nuisible accessible sur\
            \ Internet."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.24
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8
      ref_id: A.8.24
      name: Use of cryptography
      description: This control ensures cryptographic techniques are applied to protect
        data confidentiality, integrity, and authenticity.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: Utilisation de la cryptographie
          description: "Cette mesure de s\xE9curit\xE9 garantit que des techniques\
            \ cryptographiques sont appliqu\xE9es pour prot\xE9ger la confidentialit\xE9\
            , l'int\xE9grit\xE9 et l'authenticit\xE9 des donn\xE9es."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.25
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8
      ref_id: A.8.25
      name: Secure development life cycle
      description: This control integrates security into all stages of the development
        life cycle to ensure systems and applications are built securely.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "Cycle de vie de d\xE9veloppement s\xE9curis\xE9"
          description: "Cette mesure de s\xE9curit\xE9 int\xE8gre la s\xE9curit\xE9\
            \ \xE0 toutes les \xE9tapes du cycle de vie du d\xE9veloppement pour garantir\
            \ que les syst\xE8mes et applications sont construits de mani\xE8re s\xE9\
            curis\xE9e."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.26
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8
      ref_id: A.8.26
      name: Application security requirements
      description: This control defines and enforces security requirements for applications
        to safeguard against vulnerabilities.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "Exigences de s\xE9curit\xE9 des applications"
          description: "Cette mesure de s\xE9curit\xE9 d\xE9finit et applique des\
            \ exigences de s\xE9curit\xE9 pour les applications afin de prot\xE9ger\
            \ contre les vuln\xE9rabilit\xE9s."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.27
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8
      ref_id: A.8.27
      name: Secure system architecture and engineering principles
      description: This control ensures secure design principles are adopted during
        the development of system architectures.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "Principes d'ing\xE9nierie et d'architecture des syst\xE8mes s\xE9\
            curis\xE9s"
          description: "Cette mesure de s\xE9curit\xE9 garantit que des principes\
            \ de conception s\xE9curis\xE9s sont adopt\xE9s lors du d\xE9veloppement\
            \ des architectures syst\xE8me."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.28
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8
      ref_id: A.8.28
      name: Secure coding
      description: This control implements secure coding practices to minimize vulnerabilities
        in developed software.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "Codage s\xE9curis\xE9"
          description: "Cette mesure de s\xE9curit\xE9 met en \u0153uvre des pratiques\
            \ de codage s\xE9curis\xE9 pour minimiser les vuln\xE9rabilit\xE9s des\
            \ logiciels d\xE9velopp\xE9s."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.29
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8
      ref_id: A.8.29
      name: Security testing in development and acceptance
      description: This control ensures security testing is conducted during development
        and acceptance phases to identify weaknesses.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "Tests de s\xE9curit\xE9 dans le d\xE9veloppement et l'acceptation"
          description: "Cette mesure de s\xE9curit\xE9 garantit que des tests de s\xE9\
            curit\xE9 sont effectu\xE9s pendant les phases de d\xE9veloppement et\
            \ d'acceptation pour identifier les faiblesses."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.30
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8
      ref_id: A.8.30
      name: 'Outsourced development '
      description: This control ensures security risks are managed effectively when
        development is outsourced to third-party vendors.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "D\xE9veloppement externalis\xE9 "
          description: "Cette mesure de s\xE9curit\xE9 garantit que les risques de\
            \ s\xE9curit\xE9 sont g\xE9r\xE9s efficacement lorsque le d\xE9veloppement\
            \ est externalis\xE9 \xE0 des fournisseurs tiers."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.31
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8
      ref_id: A.8.31
      name: Separation of development, test and production environments
      description: This control ensures development, test, and production environments
        are segregated to prevent unintended interactions and unauthorized access.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "S\xE9paration des environnements de d\xE9veloppement, de test et\
            \ op\xE9rationnels"
          description: "Cette mesure de s\xE9curit\xE9 garantit que les environnements\
            \ de d\xE9veloppement, de test et de production sont s\xE9par\xE9s pour\
            \ \xE9viter les interactions involontaires et les acc\xE8s non autoris\xE9\
            s."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.32
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8
      ref_id: A.8.32
      name: Change management
      description: This control ensures changes to systems are managed securely to
        minimize risks and maintain operational stability.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: Gestion des changements
          description: "Cette mesure de s\xE9curit\xE9 garantit que les modifications\
            \ des syst\xE8mes sont g\xE9r\xE9es de mani\xE8re s\xE9curis\xE9e pour\
            \ minimiser les risques et maintenir la stabilit\xE9 op\xE9rationnelle."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.33
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8
      ref_id: A.8.33
      name: Test information
      description: This control protects test data to prevent the exposure of sensitive
        or confidential information during testing processes.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: Informations de test
          description: "Cette mesure de s\xE9curit\xE9 prot\xE8ge les donn\xE9es de\
            \ test pour \xE9viter l'exposition d'informations sensibles ou confidentielles\
            \ lors des processus de test."
    - urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.34
      assessable: true
      depth: 3
      parent_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8
      ref_id: A.8.34
      name: Protection of information systems during audit testing
      description: This control ensures that systems and data are safeguarded during
        audits by preventing unauthorized access, data leakage, or disruptions. Measures
        include using non-production environments, access restrictions, and confidentiality
        agreements to maintain system security and integrity.
      implementation_groups:
      - SoA
      translations:
        fr:
          name: "Protection des syst\xE8mes d'information pendant les tests d'audit"
          description: "Cette mesure de s\xE9curit\xE9 garantit que les syst\xE8mes\
            \ et les donn\xE9es sont prot\xE9g\xE9s pendant les audits en emp\xEA\
            chant les acc\xE8s non autoris\xE9s, les fuites de donn\xE9es ou les perturbations.\
            \ Les mesures incluent l'utilisation d'environnements non productifs,\
            \ des restrictions d'acc\xE8s et des accords de confidentialit\xE9 pour\
            \ pr\xE9server la s\xE9curit\xE9 et l'int\xE9grit\xE9 des syst\xE8mes."