Expert Advice Community


Controls in progress

Guest user Created:   Jan 13, 2016 Last commented:   Jan 13, 2016

AntonioS Jan 13, 2016

I have a question regarding, however, the certification audit process. Let's say I have defined my ISMS, I have a defined risk management process, and have selected x risks, assessed, analyzed and treated them, including writing action plans for them. When I defined my scope and wrote my SoA, about half of the controls listed were ones we selected for best-practice purposes, and the other half were based on the risk treatment plan. In the audit process for ISO 27001, when we talk about the Status of Implementation of these controls, can I receive the certificate if I have statuses marked as "In progress" instead of "Fully implemented"?

Answer:

From my point of view, generally it is not a problem to obtain the certificate. I mean, you can have controls "in progress", but remember that you need to include in the Risk Treatment Plan, for each control, the deadline for its implementation. Also remember that you need to develop the Risk Treatment Plan after the SoA, and that you need to implement all the controls that cover major risks before the certification. This article may be interesting for you: "Risk Treatment Plan and risk treatment process – What's the difference?": https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#treatment and also this article: "The importance of Statement of Applicability for ISO 27001": https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/
