ISO27001 clause & controls alignment
I would like to know which ISO 27001 Annex A controls relate to which 27001 clauses. For example, clause 4 is covered by control A??? Or is it not that simple?
Please note that there is no connection between individual clauses and particular controls.
This is so because the purpose of the main part of the standard (clauses 4 to 10) is to manage security (e.g., risk management, internal audit, etc.), whereas the purpose of Annex A is to decrease risks with controls.
The main part of the standard determines how to select safeguards, how to manage them, how to measure if they are successful, and so on, whereas Annex A controls describe what needs to be implemented.
For further information, see:
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
Oct 27, 2022