Expert Advice Community

Implementation of applicable controls

Nika | Created: Feb 09, 2021 | Last commented: Feb 10, 2021

Hi Advisera Team!

For controls that are applicable to us based on the risk assessment, do we need to implement them as stated in ISO 27002, or can we interpret them ourselves? If it has to be strictly according to ISO 27002, then do we have to implement everything that is stated there with the word "shall"?

Thank you for your help!


Expert
Rhand Leal Feb 10, 2021

Please note that ISO 27002 is a support standard that provides guidelines and recommendations for implementation of ISO 27001 Annex A controls, so it is not mandatory, and you can adapt its contents to your context, provided you fulfill the security objectives and security controls statement provided in the ISO 27001 Annex A.

Regarding the word “shall”, please note that ISO 27002, as a guideline, does not use the word “shall” but “should”, and in the ISO world that means its content can be implemented or not, according to your needs.

This article will provide you with a further explanation about ISO 27002:

These materials will also help you regarding controls from Annex A:
