LIVE VIRTUAL TRAININGS
Learn in small groups from top experts and real-life examples

Expert Advice Community

Guest

SoA - controls

  Quote
Guest
Guest user Created:   Jan 13, 2022 Last commented:   Jan 13, 2022

SoA - controls

When a status of a controls says "Planned" and there is no document but only a task there, does this mean we need to develop our own policy? For example control A 6.1.2. has the status "Planned" however the implementation method is a task and there are no documents : https://i.imgur.com/5Smc3Fu.png How do I cover this and controls with similar status? Do I need to develop my own policies in that case?
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Jan 13, 2022

When only a task is defined as the implementation method of control it means that this control does not require specific documentation, so you do not need to develop your own policy or procedure.  

In cases like this, you only need to provide a record showing that the task was performed. For example, for control A.6.1.2 you only need to provide a list of which activities were divided. For control A.6.1.3 you need to provide a list of which authorities need to be contacted.

For further information, see:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 13, 2022

Jan 13, 2022

Suggested Topics

Guest user Created:   Feb 06, 2021 ISO 27001 & 22301
Replies: 1
0 0

Mandatory controls for SoA

Guest user Created:   Oct 29, 2020 ISO 27001 & 22301
Replies: 3
0 0

SoA - status of controls