Post

2 followers Follow
0
Vote
Avatar

Mandated Controls - Are they required to implement?

We have a list of controls that we have implemented and are testing.  If I select the authority document that is associated to a particular control and there are 5 other mandated controls associated to that authority document, does that mean you MUST implement and comply all those mandated controls?  Or does it mean that if you choose any of the mandated controls you must follow the rules of mandated type controls?  i.e.

  • Assigned to roles for accountability
  • Tracked to completion
David Pierce Answered

Official comment

Avatar

David,

yes, all mandated controls associated with authority documents your organization must comply with, example ISO 27001, must be tracked to completion and assigned to roles for accountability. Here are a couple of articles to provide additional information:

https://support.commoncontrolshub.com/hc/en-us/articles/204278525-What-is-the-difference-between-an-Implied-Mandated-and-an-Implementation-Control-

Tracking

Let us know if you have additional questions.

UCF Support

Please sign in to leave a comment.

1 comment