hese controls are listed in ISO27002. How do you decide whether they are mandatory or not? Because different companies will require different controls. For example, software developers will definitely require A12.6 – Technical Vulnerability Assessment.
The following are not in the toolkit. Please furnish:
A.18.1 Compliance with legal and contractual requirement