Guest
Conformio - Justification in SoA
In the Statement of Applicability, I can see preselected controls based on the risks.
I’m adding additional controls as well. There is a ‘justification’ box here. Is it mandatory to type why I’m adding these extra controls?
Expert
Rhand Leal
Nov 29, 2021
ISO 27001 requires a justification for all applicable controls (clause 6.1.3 “d”), so if you are adding controls in the Statement of Applicability you need to fill in the ‘justification’ field to be compliant with the standard.
This article will provide you with a further explanation about the Statement of Applicability:
- The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/