
Expert Advice Community


Control Effectiveness Report

Guest user Created:   Jan 12, 2016 Last commented:   Jan 12, 2016


Last year we had a surveillance audit under the 2005 standard and at one point our auditor asked for a Control Effectiveness Report. I was dumbfounded; I had no idea what he was talking about. Have you heard of a report like this before, measuring the effectiveness of each control or control group? Do you have any recommendations on how we could achieve such a report?

AntonioS Jan 12, 2016

Here it is important to know that it is necessary to measure the effectiveness of the security controls, because if not, how can you know if they are working fine? A report can be useful as input in the Management review, because it gives information about the effectiveness of the ISMS and the security controls to the Top Management (clause 9.3 c) 2) establishes: “The management review shall include consideration of feedback on the information security performance, including trends in monitoring and measurements results”). You can measure the effectiveness of each control, but it is easier if you do it per control group, or per control objectives. Please read this article “ISO 27001 control objectives – Why are they important”: https://advisera.com/27001academy/blog/2012/04/10/iso-27001-control-objectives-why-are-they-important/
