Template content
Assign topic to the user
Answer:
First it is important to note that ISO 27001 does not require each control in Annex A to be documented. In some cases all you need is to include in the Statement of Applicability (SOA) a brief explanation of how it is implemented.
In case you decide to document recommendations of controls A 18.2.2 and A 18.2.3, they can be included in the internal audit procedure, since these controls and the procedure aim to ensure that information security is implemented and operated in accordance with defined requirements.
You can schedule a meeting with one of our experts so he can help you about the changes that should be made on your documentation. To schedule a meeting, please access this link: https://advisera.com/27001academy/consultation/
Comment as guest or Sign in
Jul 18, 2019