Expert Advice Community

Guest

Handling of requirements

  Quote
Guest
Guest user Created:   Oct 29, 2019 Last commented:   Oct 29, 2019

Handling of requirements

What to do with the demands of standard that have long since been overcome. You know what I am thinking.

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Oct 29, 2019

If I understood correctly, you are referring to two possible situations:

  • 1. Standard's requirements do not make sense to the purpose of the standard anymore
  • 2 Standard's requirements do not make sense to your organization's context

In the first case, during the standard review (which occurs approximately every 5 years) such requirements can be excluded or reformulated.

In the second case, you have to verify in the standard if the requirement is mandatory or if there is any condition for exclusion that can be applied to your organization. In the case of ISO 27001, requirements from sections 4 to 10 are mandatory (you cannot exclude any of them), and controls from Annex A can be excluded considering the results of risk assessment.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Oct 29, 2019

Oct 29, 2019