Expert Advice Community

Controls selection

Guest user Created: Sep 20, 2017 Last commented: Sep 20, 2017

I am unsure how to select appropriate controls. Let's say we have a safe with sensitive documents. The identified risk is that only one person knows the code. The solution is quite obvious but the control is not. Could you please provide some guidance?

Expert
Rhand Leal Sep 20, 2017

Answer: Considering your example, the ISO 27001 controls that you should consider are:
- Control A.9.3.1 Use of secret authentication information (this control provides orientation on how to store secret authentication information)
- Control 9.2.3 Management of privileged access rights (this control provides orientation on how secret authentication information should be maintained when shared)

Both controls can help you to treat the mentioned risk.
This material will also help you regarding ISO 27001 controls:
- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
