Expert Advice Community

Requirement for vulnerability scanning

Guest user Created:   Mar 06, 2018 Last commented:   Mar 06, 2018

I want to verify which part of the ISO compliance will require a company to do 3rd party scanning for vulnerability assessment and penetration testing...

Expert
Rhand Leal Mar 06, 2018

Answer: Performing vulnerability scanning or penetration testing, either by the organization itself or by a 3rd party, is an option to be considered only if the control A.18.2.3 (Technical compliance review) is considered applicable as a result of risk assessment or because of a top management decision. It is important to understand that vulnerability scanning and penetration testing are only options. If other means, like manual reviews, can fulfill your needs, performing vulnerability scanning or penetration testing is not necessary.

This article will provide you with further explanation about vulnerability management:
- How to use penetration testing for ISO 27001 A.12.6.1 https://advisera.com/27001academy/blog/2016/01/18/how-to-use-penetration-testing-for-iso-27001-a-12-6-1/
