Expert Advice Community


Controls implementation, SoA and audit

Guest user. Created: Feb 08, 2017. Last commented: Feb 08, 2017.

Will it be the expectation of our auditor that all of the controls deemed in scope for the SoA will be in place for the stage 1 and 2 audits? Or is there some timescale allowed that controls are implemented during the process?
Expert
Rhand Leal Feb 08, 2017

Answer: The auditor can accept certain controls stated in the SoA to be implemented after the certification if: (1) all the major risks are resolved before the certification, (2) in the Risk Treatment Plan it is clearly defined that those controls will be implemented at a later date, and (3) the risk owners have accepted the risks related to controls that will be implemented later.

These materials will also help you regarding Risk Assessment and Treatment:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
