(I would like you to help me understand A 6.1.2 more fully. By my understanding, it concerns access rights to conflicting information, for example: Purchasing department, conflict of access to the financial department. I am creating an array that informs the access rights and control barriers indicated. Am I on the right track?)
Answer: Your understanding is correct. Segregation of duties is necessary so that a single person does not have control or knowledge of all the steps of a process critical to the business.
This article will provide you with more information:
- Segregation of duties in your ISMS according to ISO 27001 A.6.1.2 https://advisera.com/27001academy/blog/2016/11/21/segregation-of-duties-in-your-isms-according-to-iso-27001-a-6-1-2/
Aug 03, 2018