SoA and A.16 controls

Guest user Created:   Oct 04, 2016 Last commented:   Oct 04, 2016

I've a question about SoA and A.16 controls. I can't justify the implementation of A.16 controls linking them to a specific risk. I think that the implementation of all A.16 controls is related to all risks, because we can use the lessons learned in incident treatment to reduce the impact or probability of any incident in the future (which could be related to any risk).

Expert
Dejan Kosutic Oct 04, 2016

Would it be acceptable to justify the implementation of all A.16 controls using "All risks" instead of a specific risk?

Answer:

Basically, you are right - incident management as described in section A.16 is applicable because of any risk that you have. You could have some exceptions to that rule - e.g., A.16.1.7 Collection of evidence might be applicable to only some types of incidents; however, in general, for each control you can say that the reason for their applicability is all the risks that you identified.
