No conformidades relacionados con los controles del Anexo A ISO 27001
Differences between ISO 27001:2005 and ISO 27001:2013
Templates for technical controls
Nonconformities and incidents
Implementation method and status of controls in Statement of Applicability
We are working on completing the SoA and are a bit confused on how best to fill in the implementation method and status. In a number of cases, we have a current method in place to address a control but we don't consider that method to be fully adequate as a control. So we plan in the near future to develop a more extensive control.
Handling documents of external origin
I have a question. For the PROCEDURE FOR DOCUMENT AND RECORD CONTROL, is section 4 really needed? It seems odd to track incoming packages, every single piece of email, etc. I'm also unfamiliar with the concept of an incoming mail register.
Assistance on nonconformities
Request you help and assistance on couple of minor non conformities.