Take the ISO 27001 course exam and get the EU GDPR course exam for free
LIMITED-TIME OFFER – VALID UNTIL SEPTEMBER 30, 2021

Expert Advice Community

Guest

Documentation of control A.12.7.1

  Quote
Guest
Guest user Created:   Jul 13, 2018 Last commented:   Jul 13, 2018

Documentation of control A.12.7.1

I’m in the middle of our journey towards to certification. Performed risk assessment and now it’s time to prepare risk treatment plan and SOA.
0 0

Assign topic to the user

ISO 27001 RISK TREATMENT PLAN

Determine responsibilities for the implementation of controls.

ISO 27001 RISK TREATMENT PLAN

Determine responsibilities for the implementation of controls.

Expert
Rhand Leal Jul 13, 2018

I was wondering, how can I develop a control for A.12.7.1? should it be inside a policy? Which policy?

Answer: If you have identified risks or legal requirements that justify the application of control A.12.7.1 - Information systems audit controls, which requires careful planning and agreement regarding the verification of operational systems, I suggest you to develop its implementation in the Security Procedures for IT Department template, located in folder 11 Security Controls of the ISO 27001 Documentation Toolkit you bought.

This document helps define and ensure correct and secure functioning of information and communication technology for which the responsibility lays with the IT department, and you can include the implementation of control A.12.7.1 here.
Quote
0 1

Comment as guest or Sign in

HTML tags are not allowed

Jul 13, 2018

Jul 13, 2018

Suggested Topics