Guest
Documentation of control A.12.7.1
I’m in the middle of our journey towards to certification. Performed risk assessment and now it’s time to prepare risk treatment plan and SOA.
Assign topic to the user
Expert
Rhand Leal
Jul 13, 2018
I was wondering, how can I develop a control for A.12.7.1? should it be inside a policy? Which policy?
Answer: If you have identified risks or legal requirements that justify the application of control A.12.7.1 - Information systems audit controls, which requires careful planning and agreement regarding the verification of operational systems, I suggest you to develop its implementation in the Security Procedures for IT Department template, located in folder 11 Security Controls of the ISO 27001 Documentation Toolkit you bought.
This document helps define and ensure correct and secure functioning of information and communication technology for which the responsibility lays with the IT department, and you can include the implementation of control A.12.7.1 here.
Comment as guest or Sign in
Jul 13, 2018
Jul 13, 2018
Jul 13, 2018