Expert Advice Community


Annex A

Guest user | Created: Apr 30, 2020 | Last commented: Apr 30, 2020


Can you help us by giving us various examples of justification (applied or not) for the different measures in Appendix A?


Expert
Rhand Leal | Apr 30, 2020

In general, justifications for applicability, or not, of controls from ISO 27001 Annex A are based on perceived risks and legal requirements (e.g., laws, contracts, or regulations).

Considering that, these are some examples:

  • Control A.x.x is applicable to treat risks <include here the IDs of the risks from the risk treatment table>
  • Control A.x.x is applicable to comply with a legal requirement <include here the name/number of the law, regulation or contract>
  • Control A.x.x is not applicable because there is no unacceptable risk or legal requirement that demands the implementation of this control.

Please note that included in the toolkit you have access to a video tutorial that can help you with the Statement of Applicability, which provides examples with real data.
