Hi guys, I hope you all are ok. I'm studying the ISO/IEC 27001 and what are the differences between Requirement and Controls? Thanks in advantage.
Assign topic to the user
ISO 27001 FOUNDATIONS COURSE
Everything you need to know about ISO 27001.
Enroll for free 
ISO 27001 FOUNDATIONS COURSE
Everything you need to know about ISO 27001.
Enroll for free
ISO 27001 FOUNDATIONS COURSE
Everything you need to know about ISO 27001.
Enroll for free
Requirement is something you need to do to be compliant with the standard. It is essential if you want to be certified against the standard. Requirements are listed in clauses 4 to 10 of the main part of the standard.
Controls are practices or technologies, you need to implement to: reduce risks to acceptable levels; fulfill legal requirements (e.g., laws, regulations or contracts); or fulfill a top management demand. Controls are listed in Annex A
This article will provide you further explanation about how ISO 27001 works:
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
Comment as guest or Sign in
Apr 14, 2020