Expert Advice Community

Guest

Requirements vs Controls

  Quote
Guest
Leonardo Farias Created:   Apr 14, 2020 Last commented:   Apr 14, 2020

Requirements vs Controls

Hi guys, I hope you all are ok. I'm studying the ISO/IEC 27001 and what are the differences between Requirement and Controls? Thanks in advantage.

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Apr 14, 2020

Requirement is something you need to do to be compliant with the standard. It is essential if you want to be certified against the standard. Requirements are listed in clauses 4 to 10 of the main part of the standard.

Controls are practices or technologies, you need to implement to: reduce risks to acceptable levels; fulfill legal requirements (e.g., laws, regulations or contracts); or fulfill a top management demand. Controls are listed in Annex A

This article will provide you further explanation about how ISO 27001 works:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Apr 14, 2020

Apr 14, 2020