ISO/IEC 27001 Control 5.35: Independent review of information security
Control
The organization’s approach to managing information security and its implementation including people, processes and technologies should be reviewed independently at planned intervals, or when significant changes occur.
Necessity of MidPoint
MidPoint is not applicable for implementation of this control.
Implementation of the control is completely outside the scope of identity governance and administration (IGA).
Rationale
This is purely organizational control, dealing with organization of independent reviews and audits. The control is concerned with legislation, processes and policies on a level far above the technical measures provided by midPoint.
Related Controls
Was this page helpful?
YES
NO
Thanks for your feedback