Compliance context
Compliance provides basic framework standards allows enterprises to establish company standards and best practices. You need to have evidence (tracking data) that this standard is continuously followed and easy way to verify not just initially but also ongoing.
ISO 27001 Responsibility Model
CXO align business goal, risk, priority and identity ranges (Governance)
Audit and infosec team defined boundary and requirements
Engineers carry out the actual execution and meet the requirements,
providing supporting data
Audit verification of compliance with the document against the actual
conditions
