Declaration of applicability in ISO 27001
You can update the Statement of Applicability any time you see fit. You only need to inform the certification auditor prior to a surveillance/recertification audit about the SoA update, so he can be aware of the changes and take them into consideration in his audit plan.
Please note that besides the SoA you also need to ensure that all evidence related to risk assessment and treatment processes is updated accordingly in case of need (e.g., risk assessment, risk treatment, risk treatment plan, etc.).
This article will provide you with further explanation about risk assessment:
- ISO 27001/ISO 27005 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
Nov 26, 2021