Documentation content
I am working through the Statement of Applicability and have found that the Control Objectives listed in the Statement of Applicability do NOT align with those found in the PDF ISO 27001 Controls and Objectives.
In the Statement of Applicability it shows the control for A.6.1.2 as Segregation of duties, but then when I go to the PDF for the 27001 Control and Objectives it shows A.6.1.2 Information security coordination.
Control A.6.1.2 Information security coordination is listed in the old 2005 revision of ISO 27001, which was superseded by a new 2013 revision, which is the current one.
In the 2013 version of ISO 27001, control A.6.1.2 refers to Segregation of duties. Considering that, you have to follow the Statement of Applicability document.
Based on the response, can you please provide the 2013 Annex A List of Controls and Objectives, as the one I have is 2005 and does not align with the Statement of Applicability in the toolkit.
I'm sorry, but the ISO 27001 standard is the intellectual property of ISO, and we do not have the license to sell it, as a whole or only some parts.
You can buy this standard at this link: www.iso.org/standard/54534.html
Sep 24, 2018