Mapping of requirements on controls
Please note that a customer requirement related to regular reporting on the effectiveness of the ISMS can be best addressed by the options “Reporting the performance of information security” or “Internal auditing”, and both are related to mandatory requirements, so they do not require any control to be applicable to be implemented.
Earlier I noted that it is not possible to map a requirement, specifically a requirement by the Data Insurance company for security awareness training, onto Human Resource control 7.2.2. In fact, a Human Resources area is missing altogether. I understood that this would be added, but I still cannot see it. When will this become available?
Please note that to map an external requirement such as a requirement for an Insurance company, you should use the Register of Requirements module.
In the field “To what area is this requirement related?” you can use the option “Specifying mandatory safeguards”, and in the field “Description of the requirement” you can enter clause A.7.2.2.
As for the security awareness training, you can record this need in the Training module.
Nov 23, 2022