Annex A controls - flexibility in declaring the applicability
Answer: ISO 27001 says that any company is flexible to declare as applicable only those controls that are needed to decrease the risk, or to satisfy some requirements, or per some other criteria important for the management. This article explains the concept further: The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
On this assumption, is there an accurate ratio threshold in % that can give me the freedom to declare what is not relevant here?
Answer: There is no ratio nor threshold, but in most cases larger companies tend to select between 110 and 114 controls, while smaller companies are usually between 100 and 105 controls.
These materials will also help you regarding Annex A controls:
- The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Jan 16, 2019