Unlike other management system standards, ISO 27001 for Information Security provides a lengthy annex of 114 controls and control objectives.

It is mandatory to address the controls within Annex A of the standard, and while you aren't required to implement EVERY control, you do need to justify their inclusion in or exclusion from your management system.

Usually justification for inclusion falls within one of several categories, including:

Exclusion of controls, on the other hand, must be justified by a valid reason: for example, excluding the control for 'Outsourced Software Development' because you do not outsource your software development.

We won't address every control here, but the broad headings are:

A14 System Acquisition, Development & Maintenance

A17 Information Security in Business Continuity Management

As you can see, the controls cover wide-ranging aspects of the organisation and should not ordinarily be the sole responsibility of the IT department.

Why do the ISO 27001 Controls Start at A5?

It may seem odd that the controls in Annex A start at A5 rather than A1. This is because the controls of Annex A correspond directly to those in another standard from the ISO 27000 family, ISO 27002.