
This list registers all the elements from the 27002 standard. The system is already adapted to the 2022 version of the standard and has all the functions required. You can save a lot of time by having these imported; contact our support if you want this. Controls are also used by other standards such as 22000 - food safety.

Explanation for some tabs/fields

  • Controls

    • Category: choose your own categorization of the security measures if you handle many different types

    • Source: which standard or chapter of the standard these come from, possibly other requirements

    • Responsible: this person owns the security measure itself and will be notified at the next audit

    • Next audit: notice of an audit will be sent to the Responsible on this date and every 14 days thereafter

    • Optional: if the security measure is no longer used, it is "un-tagged".

    • Status: this field makes it easier to choose the right control in Risk, Assets and Purpose. If you choose "4. Not applicable", you must fill in an explanation of why, as 27001 requires. The choices are:

      • 1. To be implemented

      • 2. Partially implemented

      • 3. Implemented

      • 4. Not applicable

  • Themes and Attributes

    • These are chosen according to the 27002:2022 standard

  • Action plan

    • When new measures are entered, these can be linked to predefined Action Plans. Since measures have cost fields, the cost picture for the various Action Plans is summarized.

    • Action plans are important to use since one and the same security measure may have to be implemented in several different places and updated several times.

  • Risks

    • The security measures can be risk assessed, which in some cases can be very important for how and whether they should be implemented.

Videos

Tagging

Controls are used in several places in the system to document where they have an effect:

  • Assets under the Actions tab: to show that they affect the current Asset

  • Objectives under the Actions tab: to show that they affect the relevant Objective

  • Risk: to show that they are helping to reduce the risk / take advantage of the opportunity

Reports

The work with the Controls forms the basis for several IS reports such as the Declaration of Applicability / SOA.
