ISO/IEC 27001 Control 5.35: Independent review of information security

Control

The organization’s approach to managing information security and its implementation including people, processes and technologies should be reviewed independently at planned intervals, or when significant changes occur.

Necessity of MidPoint

MidPoint is not applicable for implementation of this control.

Implementation of the control is completely outside the scope of identity governance and administration (IGA).

Rationale

This is purely organizational control, dealing with organization of independent reviews and audits. The control is concerned with legislation, processes and policies on a level far above the technical measures provided by midPoint.

Was this page helpful?
YES NO
Thanks for your feedback