Expert Advice Community

Annex A Controls

Guest user. Created: Aug 12, 2017. Last commented: Aug 12, 2017.

Why aren't similar controls to Annex A included in other standards, i.e. 22301? Why specifically does 27001 have a set of controls attached?

Expert
Rhand Leal Aug 12, 2017

Answer: ISO standards' content is defined by technical committees that can be different for each standard. For example, for ISO 27001 the technical committee is the ISO/IEC joint technical committee JTC 1, while for ISO 22301 the technical committee is the ISO/TC 292 Security and resilience. These committees work with different contexts and points of view that may result in situations like the one you mentioned, where the ISO 27001 committee decided this standard should have a set of controls attached while the ISO 22301 committee did not see a reason for such details to be attached (in fact, guidance for ISO 22301 is available in ISO 22313 - https://www.iso.org/standard/50050.html).
