Expert Advice Community

Measures Appendix A

Guest
Guest user Created:   Feb 03, 2021 Last commented:   Feb 03, 2021

1 - we are in possession of your toolkit for ISO 27001 and are in point 6 (declaration of applicability). The 114 specified measures are to be checked for applicability. For us, however, the question arises as to whether all measures really have to be applied, since theoretically quite a few of them could be used or whether only suitable measures have to be defined for the risks that we have assessed with risk levels 3 and 4 (unacceptable risks).

2 - In addition, we would like to know whether there are any legal regulations in Germany to which we must pay special attention in the course of the introduction of ISO 27001.

Expert
Rhand Leal Feb 03, 2021

1 - we are in possession of your toolkit for ISO 27001 and are in point 6 (declaration of applicability). The 114 specified measures are to be checked for applicability. For us, however, the question arises as to whether all measures really have to be applied, since theoretically quite a few of them could be used or whether only suitable measures have to be defined for the risks that we have assessed with risk levels 3 and 4 (unacceptable risks).

Please note that you only have to state as applicable in the Statement of Applicability the controls you defined as needed to treat the risks you identified as unacceptable (according to your Risk Treatment Table), and those required by legal requirements. For the other controls, you can state that they are not applicable because there are no risks or legal requirements demanding their implementation.

By the way, included in your toolkit you have access to a video tutorial that can help you fill in the Statement of Applicability.

For further information, see:

2 - In addition, we would like to know whether there are any legal regulations in Germany to which we must pay special attention in the course of the introduction of ISO 27001.

We are not legal experts, so our recommended approach is indeed for organizations to hire local expert advice to identify legal requirements that must be fulfilled to be compliant with the ISO 27001 in required countries. An online search can help at the beginning of your work (for an overview), but local expert advice is highly recommended.

This article can provide a start: https://advisera.com/27001academy/knowledgebase/laws-regulations-information-security-business-continuity/

But please note that the list in this article is not fully up-to-date because it depends on voluntary contributions from our readers – therefore, it is likely that not all regulations for each country are listed (some even may have been withdrawn).

This article will provide you a further explanation about the identification of requirements:
