
Expert Advice Community

ISO 27001 - must you implement all the 133 controls?

Guest user Created: Jan 12, 2016 Last commented: Jan 12, 2016

I would like to ask the following question about ISO 27001: when you are implementing ISO 27001, must you implement all the controls of ISO 27001, the 133 controls, or only the controls that apply?
DejanK Jan 12, 2016

When implementing ISO 27001 you must implement only the controls that are applicable, that is - only those controls that are required per your risk assessment or per some other legal or contractual requirements. See also this article: The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/

By the way, the new 2013 revision of ISO 27001 has 114 controls - see also this article:
Overview of ISO 27001:2013 Annex A https://advisera.com/27001academy/iso-27001-controls/
