How many controls are there in ISO 27001? Now, some people might actually view the seven requirements, the seven clauses of 27001, as in themselves controls. But apart from that, let's leave that separate. Typically, what people would look at is Annex A, the whole list of controls. At the very, very high level there are thirteen controls in Annex A; however, each of those 13 controls has sub-controls, so in reality there's a total of 114 controls in Annex A of the 27001 standard.

However, it's important to note that, depending on your organization's requirements, not all controls are mandatory to implement. However, you do have to justify the including or excluding of a control. But again, it's very comprehensive, because it's catered for all types of industries and all types of organization, not just IT. You can pick it up and say: yes, a whole set of these controls is applicable to my manufacturing process, it's applicable to my pharmaceutical company, it's applicable to the hospital or to other industries. That's why it's all-encompassing, and that's why it still gives the opportunity to say, well, these controls are applicable, these controls are not. You may not be managing your own data center; you may have an external provider, in which case you can further evaluate whether the controls in terms of data center are applicable to you or not.