richardk/iso27diy-corp
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
iso27diy-corp/AuditGlue/Most Challenging Clauses in ISO 27001.md

18 lines
1.1 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Most Challenging Clauses in ISO 27001
Professionals cite difficulties with:
* **Clause 4: Context of the Organization**
* defining the organizations boundaries
* determining relevant interested parties
* documenting the complex interrelationships among processes required by Clause 4.4. Show how processes interact and link to business needs
* **Clause 6: Planning (Risk Assessment and Objectives)**
* identifying, evaluating, and treating risks
* choosing a risk methodology
* ensuring risk assessments meet auditor expectations
* **Clause 9: Performance Evaluation**
* Monitoring, measurement, analysis, and evaluation (especially Clause 9.1), esp. establish meaningful objectives, gather relevant metrics, and provide evidence of improvement.
* **Clause 10: Improvement (Nonconformity and Corrective Action)**
* a systematic approach to identifying, investigating, and tracking corrective actions.
* **Annex A Control Mapping and Statement of Applicability**
* The breadth of required controls and the need to justify inclusions/exclusions create confusion
Reference in a new issue View git blame Copy permalink