An organization that is implementing the ISMS based on ISO/IEC 27001 has defined and communicated secure system architecture and engineering principles. However, there is no documented information related to these principles. Is this acceptable?
A.
Yes, the standard requires organizations to only communicate secure system architecture and engineering principles
B.
Yes, documented information related to secure system architecture and engineering principles is not directly required by the standard
C.
No, documenting secure system architecture and engineering principles is required by the standard
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit