Expert Advice Community

Home / ISO 27001 & 22301 / Main control activity

Guest

Main control activity

ISO 27001 & 22301
  Quote
Guest
Guest user Created:   Mar 02, 2018 Last commented:   Mar 02, 2018

Main control activity

ISO 27001 & 22301
By key control, I mean the main control activity. For eg, in an access provisioning process, the key control activity would be the part where the provisioning actually takes place.
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.
Expert
Rhand Leal Mar 02, 2018

So, my question was- in each procedure documentation, is it an ISO27001 requirement to identify the key control activity along with the key records?

Answer: ISO 27001 does not require the identification in procedure documentation of such thing as main or key control activity as you described it. As a good practice, you may consider to include in policies and procedures references to the controls these documents are fulfilling. For example, in a access control policy you may include reference to control A..9.1.1 - Access control policy.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Mar 02, 2018

Mar 02, 2018

Suggested Topics
AntonioS Created:   Jan 13, 2016 ISO 27001 & 22301
Replies: 0
0 0

Security controls to mitigate cybersecurity threats
Guest post Created:   Jan 12, 2016 ISO 27001 & 22301
Replies: 0
0 0

ISO 27001 maintenance mode after implementation mode
Guest user Created:   Oct 31, 2023 ISO 27001 & 22301
Replies: 1
0 0

Guidance on Missing ISMS Documentation and Implementation Drafts