Hi Folks,
We, CSA JP translation WG found several errata on CCM v4.0.2 control mapping with ISO/IEC 27001/02/17/18.
1) DCS-04
There's a map to 27007:8.3.3. This might be typo of 27002:8.3.3, not 27007.(ISO/IEC 27007 is the audit guideline for ISMS, fyi).
2) STA-01, STA-12
Both control contain a map to 27001:A.5.2, but there is no A.5.2 in ISO/IEC 27001. This might be a typo of 15.2 Supplier service delivery management.
3) UEM-11
There are map to 27001:A.3.2.2, 27002:3.2.2 and there is no 3.x sub clause in both ISO/IEC 27001 and 27002.
This might be a typo of 13.2.2 Agreements on information transfer
4) Omitting ISO number like ISO/IEC 27001/02/17/18 is uncommon. I recommend to use ISO/IEC 27001, 27002, 27017 and 27018.
Please, check it.
------------------------------
--
Koichiro Watanabe
------------------------------