Expert Advice Community

Controls objectives

Guest user Created:   Sep 19, 2018 Last commented:   Sep 19, 2018

I am working on the Statement of Applicability for a client. Where it asks for “Control Objectives” there is a comment that says: They should be defined for each of your controls and made measurable if possible; however, you can also copy objectives listed in clauses categories in Annex A. Where are the objectives listed in the clauses categories in Annex A? I have reviewed Annex A and do not see them.

Expert
Rhand Leal Sep 19, 2018

Answer:

Controls objectives are written right after the title of each subsection in Annex A. For example, right after subsection A.5.1 (Management direction for information security) you can find the control objective for controls A.5.1.1 and A.5.1.2:

"Objective: To provide management direction and support for information security in accordance with business requirements and relevant laws and regulations."

Please note that there is not a control objective for each control. Instead, there is a control objective for a set of related controls (described in each subsection of Annex A).

This article will provide you with further explanation about control objectives:
- ISO 27001 control objectives – Why are they important? https://advisera.com/27001academy/blog/2012/04/10/iso-27001-control-objectives-why-are-they-important/

This material will also help you regarding control objectives:
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
