SoA - controls
How do I cover this and controls with similar status? Do I need to develop my own policies in that case? Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
When only a task is defined as the implementation method of control it means that this control does not require specific documentation, so you do not need to develop your own policy or procedure.
In cases like this, you only need to provide a record showing that the task was performed. For example, for control A.6.1.2 you only need to provide a list of which activities were divided. For control A.6.1.3 you need to provide a list of which authorities need to be contacted.
For further information, see:
- Segregation of duties in your ISMS according to ISO 27001 A.6.1.2 https://advisera.com/27001academy/blog/2016/11/21/segregation-of-duties-in-your-isms-according-to-iso-27001-a-6-1-2/
- Records management in ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2014/11/24/records-management-in-iso-27001-and-iso-22301/
Comment as guest or Sign in
Jan 13, 2022