Thank you for the meeting we had last Friday. As discussed, “A.8.2.2 Labeling of Information“ is not applicable for us while “ and I deactivated the control in SOA. However, in the following steps I see there is the “information Classification Document” which requires a responsible person and also defining the labels in 3.2.2 (Confidentiality levels – see the below table).
I’m wondering if there is a way to remove Labeling in this case or is it enough manually we have put Not Applicable (N/A). Or if we have A.8.2.1 then is mandatory to have A.8.2.2 as well?
Since you stated in the SoA that control A.8.2.2 Labelling of information is not applicable, then it is sufficient for you to include only N/A in the Labeling column (there is no need to exclude the column).
Regarding controls A.8.2.1 Classification of information and A.8.2.2, you can implement only A.8.2.1 without implementing A.8.2.2 (i.e., you can define classification levels without the need to label media that contains it, although this is not common).