Expert Advice Community

Guest

Clarification Regarding Control Review Frequency in Policy Documents

  Quote
Guest
Guest user Created:   Oct 12, 2023 Last commented:   Oct 12, 2023

Clarification Regarding Control Review Frequency in Policy Documents

I wanted to clarify that all the policy documents we've prepared specify a requirement for a 6-month review. However, the specific controls we discussed are not mentioned in the documents. My question is whether, according to the policy, we need to review the controls every 6 months or if we have the flexibility to define the update frequency for the controls ourselves, separate from the document reviews. Please refer to the attached image for more details.

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Oct 12, 2023

Controls can be reviewed at a different frequency than those defined for the review of documents related to them. You only need to ensure that control review results are considered in the next document review. Please also note that, depending upon the controls review results, an immediate review of documents may be necessary. 

Check our article for further information on performing monitoring and measurement in ISO 27001.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Oct 12, 2023

Oct 12, 2023

Suggested Topics

Guest user Created:   Jun 10, 2024 ISO 27001 & 22301
Replies: 1
0 0

Non-mandatory documents

Brad Created:   Apr 22, 2024 ISO 27001 & 22301
Replies: 1
0 0

Custom Edit Documents