Physical controls selection
Answer:
ISO 27001 does not prescribe which controls for physical premises must be used.
A control must be implemented only if:
- the results of the risk assessment identify unacceptable risks that can be treated by the control
- there are laws, contracts or regulations that require the control to be implemented
- there is a top management decision requiring the control's implementation.
If none of these occurs, you do not have to implement a control.
The following articles can provide you with a view about physical protection:
- Physical security in ISO 27001: How to protect the secure areas https://advisera.com/27001academy/blog/2015/03/23/physical-security-in-iso-27001-how-to-protect-the-secure-areas/
- How to protect against external and environmental threats according to ISO 27001 A.11.1.4 https://advisera.com/27001academy/blog/2016/01/25/how-to-protect-against-external-and-environmental-threats-according-to-iso-27001-a-11-1-4/
This article will provide you with further explanation about the selection of controls:
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
May 29, 2019