ISO 27001 requirements for controls
Answer: What ISO 27001 requires is that an organization considers its context and assesses its risks to implement proper controls to bring risks to acceptable levels. So the decision for immediate removal of users' access is up to each organization, based on its risk assessments and legal or contractual requirements.
These articles will provide you with further explanation about access control:
- How to handle access control according to ISO 27001 https://advisera.com/27001academy/blog/2015/07/27/how-to-handle-access-control-according-to-iso-27001/
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
These materials will also help you regarding access control:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
May 09, 2017