Expert Advice Community

Controls applicability

Guest user Created:   Jun 06, 2018 Last commented:   Jun 06, 2018

Hello, is it absolutely mandatory under the ISO guidelines to install an antivirus application onto the devices of my employees?

Expert
Rhand Leal Jun 06, 2018

Answer: According to ISO 27001, the implementation of an antivirus application, or any control from Annex A, is required only if one of the following occurs:
- There are risks identified as unacceptable in the risk assessment that require the implementation of the control
- There are legal requirements (e.g., laws, regulations, contracts, etc.) that require the implementation of the control
- There is a top management decision requiring the implementation of the control

If none of these occurs, there is no need to implement a control considering ISO 27001 requirements.

These articles will provide you with further explanation about risk assessment:
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
- ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/

These materials will also help you regarding risk assessment:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- The basics of risk assessment and treatment according to ISO 27001 [free webinar on demand] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
