Software development company
Assign topic to the user
If your projects are include in the scope of the ISMS, sure, you need to implement both controls, because both are related with the protection of the information (it is the more important thing in the ISO 27001).
In the Annex A, you can find this security control: A.9.4.3 Password management system. What could happen if your company do not have this control? Any unauthorized person could have access to restricted information.
Also you can find this control: A.12.4.1 Event logging. Here you can ask me: Why this control is important? If there are many attempts of unauthorized access, it is likely that someone is trying to access to restricted information, and you need a control to avoid this.
Therefore, if you implement an ISMS in your organization, and the risk assessment determines that the risk level is not acceptable, you must implement these 2 controls.
Finally I recommend you this article where you can find more information about ISO 27001 "What is ISO 27001?": https://advisera.com/27001academy/what-is-iso-27001/
Comment as guest or Sign in
Jan 12, 2016