Guest
Mapping of requirements categories to ISO 27001 Compliance controls (Conformio)
We have a customer that requires a quarterly penetration test.
We believe this requirement is related to "Operation of information technology" in the dropdown.
So far so good; however, we believe it is also related to ISO 27001 control A.18.2.3 (Technical compliance review), but there is no corresponding option in the dropdown to choose a Compliance type of category for this requirement.
Is this an omission? Or, to which dropdown item should we map this requirement so that it shows up in the appropriate area of the SoA?
Expert
Rhand Leal
Jun 20, 2022
Since you stated that this is a customer requirement, the option "Specifying mandatory safeguards" would be a better choice than "Operation of information technology".
Regarding compliance, you can select the option "Internal audit", since one of the purposes of an internal audit is to ensure compliance with specified requirements.