Filling the Statement of Applicability template
Answer:
Control objectives are important for at least two reasons:
1 - They help fulfill clause 6.2 (Information security objectives and planning to achieve them)
2 - They are used during performance evaluation (requirements from clause 9) as a reference to decide if the controls are being effective or if adjustments are needed.
It is important to note that:
- Control objectives are not mandatory in the Statement of Applicability (although including them in the SoA is a good practice to decrease the administrative effort of managing several documents).
- You do not have to specify objectives for each and every control
A good tip for establishing control objectives is to copy the objectives from Annex A (this is acceptable for certification purposes).
To help you define control objectives, I suggest this article:
- ISO 27001 control objectives – Why are they important? https://advisera.com/27001academy/blog/2012/04/10/iso-27001-control-objectives-why-are-they-important/
Jan 01, 2019