Hi prabh, Could you make a shorts or summary video. Which lists all the mandatory documents and also the best practice documents for ISO27001 for easy reference
For A.8.30 Outsourced development , as per the given case study the applicability of controls is No, but the reason for exclusion is " All software and applications used are sourced from third party vendors...". If softwares and applications are provided by third party vendors , shouldn't there be a Control for it like contact, patching etc. otherwise who and how the org is going to address the risk emerging from those application.
Thanks Prabh for the content ✌
Hi prabh, Could you make a shorts or summary video. Which lists all the mandatory documents and also the best practice documents for ISO27001 for easy reference
Is isms summary manual a mandatory document? or it is just a best practice
@@vinesh7665 it's best practice
For A.8.30 Outsourced development , as per the given case study the applicability of controls is No, but the reason for exclusion is " All software and applications used are sourced from third party vendors...". If softwares and applications are provided by third party vendors , shouldn't there be a Control for it like contact, patching etc. otherwise who and how the org is going to address the risk emerging from those application.
@@vinesh7665 agree that is already covered in vendors management