Guest
Mapping of requirements on controls
Here’s another question about the mapping of requirements on controls.
We have a customer requirement that relates to regular reporting on the effectiveness of the ISMS. I think it would be appropriate to map these on controls A.18.2.*. From the mapping document this does not seem to be possible. There is no corresponding ‘Compliance’ area that can be selected. Actually, A.18.* controls are absent from the mapping altogether, as is the case for A.7 Human resources controls.
Should a compliance area not be selectable in the requirements register and should A.18.* not be mapped as a result of mapping onto this area? Or any other area?
Expert
Rhand Leal
Jul 22, 2022
Please note that a customer requirement related to regular reporting on the effectiveness of the ISMS can be best addressed by options “Reporting the performance of information security” or “Internal auditing”, and both are related to mandatory requirements, so they do not require any control to be applicable to be implemented.