Guest
Physical security Policy
Hi Dejan,
I have a doubt. For ISo 27001:2013, 11.1.3 refers to CCTV controls. Does it mean it directly?.
If CCTV is not recording is that an Incident? Also if CCTV details and other Access Control events are not backed up is this an Incident? Can you please explain Why? it compensatory controls and how to resolve it?
Thanks,
Vijay
Assign topic to the user
Guest
Guest post
Jan 12, 2016
Hi Vijay
- CCTV is not a requirement in ISO 27001. You should implement this cotnrol when the risk assessment pushes you to it.
- The two issues you present is not an incident, but a non conformity. An incident is 'en event that prevents you from reaching your objectives'.
- I do not really understand what you mean by 'compensating controls' in this case. if you provide more details I'll be able to answer.
Regards
Jaan-Luc
Comment as guest or Sign in
Jan 12, 2016
Jan 12, 2016
Jan 12, 2016