Hello, I bought ISO27001 full package documents.
I'm wondering if all of the items in Annex A are mandatory?
Expert
Rhand Leal
Apr 06, 2020
It is not mandatory to implement all 114 controls of Annex A of ISO 27001:2013; you only need to implement those that you need to reduce risks identified during the risk assessment (or those that are related to law, contractual requirements, etc.).
This article will provide you with further explanation about the selection of controls:
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
These materials will also help you regarding ISO 27001:
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/