Expert Advice Community

Mapping of requirements categories to ISO 27001 Compliance controls (Conformio)

Guest user Created: Jun 20, 2022 Last commented: Jun 20, 2022

We have a customer that requires a quarterly penetration test. We believe this requirement is related to "Operation of information technology" in the dropdown. So far so good; however, we also believe it is related to ISO 27001 control 18.2.3 Technical compliance review, but there is no corresponding option in the dropdown to choose a Compliance type of category for this requirement. Is this an omission? Or, to what dropdown item should we map this requirement so that it shows up in the appropriate area of the SoA?

Expert
Rhand Leal Jun 20, 2022

Since you stated that this is a customer requirement, the option “Specifying mandatory safeguards” would be a better option than “Operation of information technology”.

Regarding compliance, you can select the option “Internal audit”, since one of the purposes of an internal audit is to ensure compliance with specified requirements.
