Months ago we had a call to talk about the certification process. Reviewing Conformio, I find a “Control Objectives” field that I am not very clear on how to fill out. For that reason, I would appreciate it if you could share some examples of the information that should go in this field.
If I understood correctly, this field is part of the Statement of Applicability (SoA). Considering that, common practice is that the text of the control objectives from ISO 27001 can be used (the ISO organization does not seem to have a problem with such an approach; however, you should not copy anything else from the standard).
An example for control A.7.1.1 (Screening) would be: "To ensure that employees and contractors understand their responsibilities and are suitable for the roles for which they are considered."
This article will provide you with further explanation about the Statement of Applicability:
- The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/
Nov 27, 2019