...

Most organisations will choose Annex A as their baseline set of controls, adding further controls from other sources where particular business requirements call for them.

Effectiveness

Your selection of controls must be practical for your organisation and its staff to implement and understand; otherwise the controls will not be effective.

Selection

All controls must be selected for a reason. The core reason in ISO 27001 is to treat a specific risk: the control must reduce the likelihood or the impact of that risk, and you should be able to say which.

Controls may also be selected because a customer has asked you to implement them, or because a law or regulation requires them. These external factors belong in Clause 4 of the standard (context of the organisation), where interested parties and their requirements are identified.


This section should have a reference to ISO 27001 Clause 6 (Planning), which covers risk treatment and the Statement of Applicability.

...