SoA and selection of controls

Guest user Created:   May 13, 2020 Last commented:   May 13, 2020


I have a question about SoA and selection of controls:

If a control is selected as applicable, to what extent is the control required to be implemented?

For example: if control A.9.4.3 Password management system is selected as applicable, is it required to implement it in every single system/application in the Company, or is it enough to implement it according to assessed need (based on assessed risks and other relevant information concerning the systems/applications)?


Expert
Rhand Leal May 13, 2020

You have to implement a control only to the extent it reduces related risks to acceptable levels and ensures legal requirements (e.g., laws, regulations, or contracts) are fulfilled.

This article will provide you a further explanation about risk treatment:

These materials will also help you regarding risk treatment:
