An organization has justified the exclusion of control 5.18 Access rights of ISO/IEC 27001 in the Statement of Applicability (SoA) as follows: “An access control reader is already installed at the main entrance of the building.” Which statement is correct?
Answer is B , justification is not acceptable and does not reflect the purpose of control 5.18. Control Control 5.18 enables an organisation to establish and implement appropriate procedures and controls to assign, modify and revoke access rights to information systems in compliance with the organisation’s access control policy and its access controls.
** Control 5.18 covers - Identity and Access Management**