ISO 27001 - must you implement all the 133 controls?
When implementing ISO 27001 you must implement only the controls that are applicable, that is - only those controls that are required per your risk assessment or per some other legal or contractual requirements. See also this article: The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
By the way, the new 2013 revision of ISO 27001 has 114 controls - see also this article:
Overview of ISO 27001:2013 Annex A https://advisera.com/27001academy/iso-27001-controls/
Jan 12, 2016