We have a few questions regarding applicability in the toolkit.
1) Appendix 1 – List of Legal, Regulatory, Contractual and Other Requirements
Could you provide some guidance on how we can tackle this?
2) STATEMENT OF APPLICABILITY - Applicability of controls.
Justification for selection/non-selection
We'd also appreciate some more guidance regarding this subject.
3) BRING YOUR OWN DEVICE (BYOD) POLICY.
Could you please help us understand why it is not allowed to do the following with BYOD: connect via Bluetooth to any kind of device?
4) Risk Assessment 05.2_Appendix_2_Risk_Treatment_Table_27001_EN and 05.1_Appendix_1_Risk_Assessment_Table_27001_EN and
How can we ensure we include all applicable risks? From your experience, is it enough to keep the risks suggested in the toolkit? Do you have any techniques to assess the risk ourselves?