Can you help us by giving us various examples of justification (applied or not ) for the different measures in Appendix A?
Expert
Rhand Leal
Apr 30, 2020
In general, justifications for applicability, or not, of controls from ISO 27001 Annex A are based on perceived risks and legal requirements (e.g., laws, contracts, or regulations).
Considering that, these are some examples:
- Control A.x.x is applicable to treat risks <include here the IDs of the risks from the risk treatment table>
- Control A.x.x is applicable to comply with a legal requirement <include here the name/number of the law, regulation, or contract>
- Control A.x.x is not applicable because there is no unacceptable risk or legal requirement that demands the implementation of this control.
Please note that included in the toolkit you have access to a video tutorial that can help you with the Statement of Applicability, which provides examples with real data.