Hi Raffy,
There is a lot to dig in to: This is just what came to mind right away…
Doc requirements, and in particular control of records: Backup, Virus protection and firewalls, Access rules… 4.2. Security
Objectives. 5.4.1.
Who is responsible for the operation of systems and applications? 5.5.1.
Competence and training. 6.2.2.
Infrastructure. 6.3. Design of the LAN
Purchasing. (Software, hardware, services) 7.4.
Validation of applications they put together. 7.5.2.
Customers property (Mainly information) 7.5.4. Security
Monitoring of the systems. 8.2.3
Analysis of system performance, and actions taken as a result 8.4, 8.5.
Improvement 8.5.2.
I hope that'll keep you happy for a while?
/Claes