Identify applicable reference answers based on ISO to provided questions (SaaS application)

General Notes We are developing a web-based application and have a larger number of questions (~350) that are part of the audit. We need someone that is familiar with ISO and ITIL standards who can pinpoint Industry-standard / Guideline that is relevant for each question. Once identified it needs to be referenced accordingly. Each question will have at least one or two references that are accurately describing the best practice. We need it referenced based on APA 7 (modified - due to the fact that the source will be ISO / ITIL). We need to identify the section and where it is in the document (page/section/paragraph) We will provide relevant reference material to start with, but are happy to get your input in bringing other credible references. The references must be accurately identified as they will be used by the application. We will provide sample questions in the project and will send a full list of questions to the winning freelancer. Please provide a sample answer as part of this project bid. We will review the quality of the reference provided and referencing style along with the cost of the bid to award the project. Timeframes We are expecting that this should take a couple of weeks but happy to do milestones based on smaller chunks of questions. Questions: 1. Do you have Data Backup Policy? 2. Who is the owner of company domains? 3. Has forward projection regarding future IT Systems capacity been done? 4. Is there a centralised repository for all software owned/used by the company? 5. How often do you backup your systems and how often do you test your backups? Sample reference for Question 1 is: ---------------------------------------------------------- "Control- In accordance with the agreed backup policy copies of records, program and device images shall be collected and regularly tested Implementation Guidance – The organization’s information, software, and systems backup requirements should be established with a backup policy. The policy of backup should define the requirements for retention and protection. There should be sufficient backup facilities to ensure that all important information and software can be recovered after a disaster or media failure." The following things should be considered when designing a backup plan: Precise and full backup records should be prepared as well as recorded restoration procedures; The nature and frequency of the backup (e.g., full or differential backups) should reflect the company’s business requirements, security requirements for the information involved and criticality to the continued operation of the organization; Backups should be held at a remote location at a distance sufficient to prevent any damage at most locations due to a disaster; The appropriate level of physical and environmental protection should be given backup information (Refer clause 11) in accordance with the standards at the main site; The backup medium should be tested regularly to ensure that they can be used for emergency use if required; combined with the restore procedures test and controlled for the required restore time. The check should not be carried out with overwriting of the original medium if the backup or restore process fails and cause irreparable data damage or loss; Backups should be secured by encryption in cases where confidentiality is the concern. ISO 27001 Annex : A.12.3 Backup Its objective is to safeguard against data loss. A.12.3.1 Information backup