ISO/IEC 27001 Control 5.35: Independent review of information security


The organization’s approach to managing information security and its implementation including people, processes and technologies should be reviewed independently at planned intervals, or when significant changes occur.

Necessity of MidPoint

MidPoint is not applicable for implementation of this control.

Implementation of the control is completely outside the scope of identity governance and administration (IGA).


This is purely organizational control, dealing with organization of independent reviews and audits. The control is concerned with legislation, processes and policies on a level far above the technical measures provided by midPoint.

Was this page helpful?
Thanks for your feedback