ISO 27001 compliance question
Jan. 27, 2023, 8:37 p.m. | /u/Sultan_Of_Ping
cybersecurity www.reddit.com
When an ISO 27001 audit is done in an organisation, and especially the implementation of its security controls, is the audit done against ISO 27001 or against the organisation's policy?
Here's an example: A.9.2.5 requires that "Asset owners shall review user's access rights at regular intervals". But the organisation's actual Security Policy may be more detailed, specifying …