SPRING DISCOUNT
Get 30% off on toolkits, course exams, and books.
Limited-time offer – ends May 26, 2022
Use promo code:
SPRING30

Expert Advice Community

Guest

SoA and selection of controls

  Quote
Guest
Guest user Created:   May 13, 2020 Last commented:   May 13, 2020

SoA and selection of controls

I have a question about SoA and selection of controls:

If control is selected as applicable in which extent the control is required to implement?

For example: if  control A.9.4.3 Password management system is selected as applicable is it required to implement to every single system/application in the Company or is it enough to implement it according to assessed need (based on assessed risks and other relevant information concerning the systems/applications)?

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal May 13, 2020

You have to implement a control only to the extent it reduces related risks to acceptable levels and ensures legal requirements (e.g., laws, regulations, or contracts) are fulfilled.

This article will provide you a further explanation about risk treatment:

These materials will also help you regarding risk treatment:

Quote
0 1

Comment as guest or Sign in

HTML tags are not allowed

May 13, 2020

May 13, 2020

Suggested Topics

Guest user Created:   Jun 04, 2019 ISO 27001 & 22301
Replies: 1
0 0

SOA question

Guest user Created:   Sep 10, 2019 ISO 27001 & 22301
Replies: 1
0 0

Filling SoA