Document references
Controls A.12.4.1 Event logging and A.12.4.3 Administrator and operator logs are covered by the template Security Procedures for IT Department (section 3.7 System monitoring), located in folder 08 Annex A Security Controls >> A.12 Operations Security.
Control A.12.4.2 Protection of log information is a technical control, which means its implementation is performed directly in the systems, not in the documentation.
For further information, see:
- Logging and monitoring according to ISO 27001 A.12.4 https://advisera.com/27001academy/logging-according-to-iso-27001/
Regarding controls from section A.12.6 Technical vulnerability management, control A.12.6.2 Restrictions on software installation is covered by the template IT Security Policy, located in folder 08 Annex A Security Controls >> A.8 Asset Management.
Control A.12.6.1 Management of technical vulnerabilities is more of a technical control, which means its implementation is performed directly in the systems, not in the documentation.
For further information, see:
- How to manage technical vulnerabilities according to ISO 27001 control A.12.6.1 https://advisera.com/27001academy/blog/2015/10/12/how-to-manage-technical-vulnerabilities-according-to-iso-27001-control-a-12-6-1/
Regarding the control from section A.12.7 Information systems audit considerations and control A.18.2.3 Technical compliance review, they are implemented by means of the Internal Audit Procedure, located in folder 10 Internal Audit, during the audit planning phase.
For further information, see:
- How to make an Internal Audit checklist for ISO 27001 / ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/
Nov 19, 2021