An organization documented each security control that it implemented by describing their functions in detail. Is this compliant with ISO/IEC 27001?
An organization documented each security control that it implemented by describing their functions in detail. Is this compliant with ISO/IEC 27001?
The answer here is c Yes, but documenting each security control and not the process in general will make it difficult to review the documented information ISO/IEC 27001 does not specify the form of the SoA. It requires, however that it includes a list of the information security controls, the justification for the inclusions, and actions taken to implement the selected controls.