Declaration of applicability in ISO 27001

Guest user. Created: Nov 26, 2021. Last commented: Nov 26, 2021.


I have a question about the SoA. If, for example, last year we received a certificate for ISO 27001 and the certificate states the Statement of Applicability from, for example, 01.05.2020, and certainly there is a version on that Statement, can the version and date be changed now, for example, to put version B, date 24.11.2021, and not to be certified again? I mean, I don't know if you understood me, but basically I want to know if I can, for example, change the version and date of the SoA every year, even though the certificate we last received has one date.

Expert
Rhand Leal Nov 26, 2021

You can update the Statement of Applicability any time you see fit. You only need to inform the certification auditor prior to a surveillance/recertification audit about the SoA update, so he can be aware of the changes and take them into consideration in his audit plan.

Please note that besides the SoA you also need to ensure that all evidence related to risk assessment and treatment processes is updated accordingly in case of need (e.g., risk assessment, risk treatment, risk treatment plan, etc.).

This article will provide you with further explanation about risk assessment:
- ISO 27001/ISO 27005 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
