Expert Advice Community


Energy Management

Guest user Created:   Mar 15, 2023 Last commented:   Mar 15, 2023


We are an energy utility company and are seeking to implement ISO 27001:2022 throughout our business units. We also came across ISO 27019:2020, and there are some additional controls specifically for energy utility companies. Do we need to add these controls in our SOA? If so, how will we insert them? Thank you!


Expert
Rhand Leal Mar 15, 2023

Unless you have specific legal requirements (e.g., laws, regulations, or contracts) demanding implementation of ISO 27019 controls, you do not need to include them in the ISMS implementation.

Please note that ISO 27001 controls are comprehensive enough to be applied to any industry, and ISO 27019 only provides specific implementation guidance and controls for the energy utility industry.

In case you need to include ISO 27019 in your implementation, based on the results of risk assessment and applicable legal requirements, you include relevant additional recommendations to the existing controls they refer to (e.g., in case there are specific recommendations for control A.9.1.1 – Access control policy, you include these specific recommendations in the way you implement it), or you include a new control specific to the standard (e.g., control 12.9.1 – Integrity and availability of safety functions).
