Can these questions be answered? Original post attached:
Do these controls belong to a particular framework? or are they straight out of the audit guide? Also, what industry do you see their use? You also stated that “These types of controls are most important as they help the organization in information protection as well as its certification processes.” what type of certification process?