
Applicability of A 14.2.2 Change Management for staff augmentation companies

mhsatish Created:   Jan 20, 2020 Last commented:   Jan 20, 2020

Can we exclude A 14.2.2 if a company is a bodyshop for another company and the vendor only performs code changes, updates and customizations based on the client's change management policy?

Expert
Dejan Kosutic Jan 20, 2020

The exclusion of controls in ISO 27001 can be made only if there are no related risks, and if there are no legal or contractual requirements.

So you have to perform a risk assessment and review all the requirements, and then you can conclude whether you can exclude this control.

These materials will also help you regarding exclusion of controls, managing risks and listing requirements:
