Expert Advice Community

Home / ISO 27001 & 22301 / Implement all the controls before certification audit?

Guest

Implement all the controls before certification audit?

ISO 27001 & 22301
  Quote
Guest
Guest user Created:   Jan 13, 2016 Last commented:   Jan 13, 2016

Implement all the controls before certification audit?

ISO 27001 & 22301
For SOA, status should be “Implemented” for all applicable controls before final audit or even “Planned” is acceptable.
0 0

Assign topic to the user

ISO 22301 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 22301 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.
Guest
DejanK Jan 13, 2016

Answer:

If you go for the certification audit, you should have most of your controls implemented, and make sure that controls that mitigate the biggest risks are fully implemented.

In other words, you can leave only smaller number of less significant controls to be implemented after the certification. In such case, you have to ask risk owners to accept the residual risks.

Quote
0 1

Comment as guest or Sign in

HTML tags are not allowed

Jan 13, 2016

Jan 13, 2016

Suggested Topics
Guest user Created:   Apr 17, 2023 ISO 27001 & 22301
Replies: 3
0 0

Internal Audit and Statement of Applicability
Guest user Created:   May 12, 2016 ISO 27001 & 22301
Replies: 1
0 0

How long should the ISMS be in place before going for the certification audit
Guest user Created:   Oct 06, 2021 ISO 27001 & 22301
Replies: 2
0 0

ISO 27001 audits