Controls application
Answer:
ISO 27001 does not prescribe how many controls you must use to treat a risk, so you can use as many controls as you see proper for your organization (the applicable controls will have to be stated as such on the SoA). It is important to note that while applying multiple controls can significantly decrease a risk, it will also require more administrative effort, and these controls may also introduce new risks, so this approach should balance security with effort and new risks.
This article will provide you with further explanation about the SoA:
- The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/
Nov 27, 2018