Expert Advice Community

Guest

A.5.1.1 Policies for Information Security

  Quote
Guest
Guest user Created:   Jul 19, 2022 Last commented:   Jul 19, 2022

A.5.1.1 Policies for Information Security

We have a customer requirement that we would like to include in the Information Security Policy. I will map these onto area ‘Setting top-level information security objectives and intentions’, but would also expect control A.5.1.1 Policies for Information Security to be triggered. From the mapping document this does not seem to be the case. Actually, A.5.* controls are absent from the mapping altogether, as is the case for A.7 Human resources controls. Should A.5.* not be mapped as a result of the area I mentioned? Or any other area?
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Jul 19, 2022

Please note that ‘Setting top-level information security objectives and intentions’ is related to the Information Security Policy, which is a mandatory document for ISO 27001, so it needs to be implemented regardless of whether the controls from sections A.5 and A.7 are applicable or not, so then they are not linked to these controls.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jul 19, 2022

Jul 19, 2022

Suggested Topics