left-svg
Bonus expert support worth $500
with the ISO 27001 Documentation Toolkit
Limited-time offer – ends June 30, 2022.
right-svg

Expert Advice Community

Guest

Mapping of requirements categories to ISO 27001 Compliance controls (Conformio)

  Quote
Guest
Guest user Created:   Jun 20, 2022 Last commented:   Jun 20, 2022

Mapping of requirements categories to ISO 27001 Compliance controls (Conformio)

b-next has a customer that requires that a quarterly Penetration test. We believe this requirement is related to Operation of information technology in the dropdown. So far so good, however we believe it also is related to ISO27001 control 18.2.3 Technical compliance review, however there is no corresponding option in the dropdown to choose a Compliance type of category for this requirement. Is this an omission? Or, to what dropdown item should we map this requirement so that it shows up in the appropriate area of the SoA?

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Jun 20, 2022

Since you stated that this is a customer requirement, the option “Specifying mandatory safeguards” would be a better option than “Operation of information technology”.

Regarding compliance, you can select the option “Internal audit”, since one of the purposes of an internal audit is to ensure compliance with specified requirements.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jun 20, 2022

Jun 20, 2022

Suggested Topics