Question: Control type and other tags in ISO 27002:2022

With ISO 27002:2022 adding tagging for Control Type, Information Security Properties, CyberSecurity Concepts, and Security Domains in the 2022 rework of the standard, it would be grand to have these as field types/values available in the compliance package items. Normally, I’d add these as custom fields, but this part of Eramba can’t be customized. Please consider for a future release either extending the schema to accommodate 27002:2022 or allowing this to be manually extended through custom fields.

1 Like

yes i build the template and noticed these additional columns, but eramba on the compliance module only has 7 columns so there was no space to put this stuff … which we will see how is used, but in my view for the time being is contextual and irrelevant to the certification process itself meaning they wont ask you for 5 preventive controls, etc …

if you enable custom fields, these will be available to all compliance analysis items, not just ISO … so what you do with them?

no easy decision here … we certainly do not want to make eramba ISO alone centric. we’ll wait how the standard is audited this year and what is really needed and what not.

thanks for the feedback