Expert Advice Community

Mapping of requirements on controls

Guest user Created:   Jul 22, 2022 Last commented:   Jul 22, 2022

Here’s another question about the mapping of requirements on controls. We have customer requirements that relate to regular reporting on the effectiveness of the ISMS. I think it would be appropriate to map these on controls A.18.2.*. From the mapping document this does not seem to be possible. There is no corresponding ‘Compliance’ area that can be selected. Actually, A.18.* controls are absent from the mapping altogether, as is the case for A.7 Human resources controls. Should a compliance area not be selectable in the requirements register and should A.18.* not be mapped as a result of mapping onto this area? Or any other area?

Expert
Rhand Leal Jul 22, 2022

Please note that a customer requirement related to regular reporting on the effectiveness of the ISMS can be best addressed by options “Reporting the performance of information security” or “Internal auditing”, and both are related to mandatory requirements, so they do not require any control to be applicable to be implemented.
