Filling SoA

Guest user Created:   Sep 10, 2019 Last commented:   Sep 10, 2019

I already used risk IDs inside the SoA template and wrote down "Risk #8, #10, #38", for example. I did it the way Dejan's video tutorial said. But control A.12.6.1 covers (in my opinion) almost every risk in the risk assessment table, and I would like to write a general statement for "reason for selection / exclusion" instead of writing down each risk ID. Is this possible? I have already done it for some other controls inside the SoA, too.


Expert
Rhand Leal Sep 10, 2019

Answer:

In this case (when you have a large number of risks to refer to in the SoA), I suggest you list in the SoA only the IDs of the 3 or 4 most critical risks related to this control and state the number of other risks that justify the application of this control, which can be found in the results of the risk assessment. See this example:
"Risks #3, #18, #27, and 23 other risks that can be found in the results of risk assessment."
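The justification format suggested in the answer above (a few top risk IDs plus a count of the rest) is easy to generate from the risk register instead of typing it by hand, which also keeps the SoA consistent with the risk assessment when the register changes. The following is an added example for this thread, not code from the original post or from any SoA template. The risk register, the likelihood/impact scores and the control-to-risk mapping are constructed sample data; the Annex A identifiers are real ISO/IEC 27001:2013 control numbers, but which risks map to them here is assumed.

```python
"""Generate SoA 'reason for selection' text from a risk register.

Added example for this thread; not from the original post or any template.
All risks, scores and the control-to-risk mapping are constructed sample
data (the Annex A control IDs are real ISO/IEC 27001:2013 identifiers, but
their mapping to these risks is assumed).
"""
from dataclasses import dataclass
from typing import Optional

OTHERS_SUFFIX = "other risks that can be found in the results of risk assessment."


@dataclass(frozen=True)
class Risk:
    risk_id: int
    description: str
    likelihood: int          # 1 (rare) .. 5 (almost certain)
    impact: int              # 1 (negligible) .. 5 (severe)
    controls: tuple = ()     # Annex A controls selected to treat this risk

    @property
    def score(self) -> int:
        # Simple likelihood x impact rating, as used in many risk assessment tables.
        return self.likelihood * self.impact


# Constructed sample register (not real assessment results).
RISK_REGISTER = (
    Risk(3,  "Unpatched internet-facing web server",       4, 5, ("A.12.6.1",)),
    Risk(8,  "VPN appliance running outdated firmware",    3, 5, ("A.12.6.1",)),
    Risk(10, "End-of-life OS on workstations",             4, 3, ("A.12.6.1", "A.12.6.2")),
    Risk(18, "Vulnerable third-party library in web app",  3, 4, ("A.12.6.1",)),
    Risk(27, "Database server missing security patches",  2, 5, ("A.12.6.1",)),
    Risk(38, "Users installing unapproved software",       3, 2, ("A.12.6.2",)),
    Risk(41, "Shared administrator account",               2, 4, ("A.9.2.3",)),
    Risk(44, "Laptop stolen from unattended car",          2, 3),   # no control mapped yet
)


def risks_for_control(control_id: str, register=RISK_REGISTER) -> list:
    """Risks treated by a control, most severe first (ties broken by risk ID)."""
    related = [r for r in register if control_id in r.controls]
    return sorted(related, key=lambda r: (-r.score, r.risk_id))


def _join_ids(risks) -> str:
    """'#3', '#3 and #8', or '#3, #8, and #10'."""
    ids = [f"#{r.risk_id}" for r in risks]
    if len(ids) == 1:
        return ids[0]
    if len(ids) == 2:
        return f"{ids[0]} and {ids[1]}"
    return ", ".join(ids[:-1]) + f", and {ids[-1]}"


def soa_justification(control_id: str, register=RISK_REGISTER, top_n: int = 3) -> Optional[str]:
    """Reason-for-selection text in the form suggested in the answer above:
    the top_n most critical risk IDs plus a count of the remaining ones.
    Returns None when no risk maps to the control, i.e. the control needs a
    different justification (legal, contractual, ...) or is not applicable."""
    if top_n < 1:
        raise ValueError("top_n must be at least 1")
    related = risks_for_control(control_id, register)
    if not related:
        return None
    listed = related[:top_n]
    remainder = len(related) - len(listed)
    if remainder == 0:
        noun = "Risk" if len(listed) == 1 else "Risks"
        return f"{noun} {_join_ids(listed)}."
    ids = ", ".join(f"#{r.risk_id}" for r in listed)
    return f"Risks {ids}, and {remainder} {OTHERS_SUFFIX}"


def untreated_risks(register=RISK_REGISTER) -> list:
    """Consistency check: risk IDs that no selected control references.
    Each one is a gap between the risk treatment plan and the SoA."""
    return [r.risk_id for r in register if not r.controls]


if __name__ == "__main__":
    for control in ("A.12.6.1", "A.12.6.2", "A.9.2.3", "A.5.1.1"):
        print(control, "->", soa_justification(control))
    print("risks with no control:", untreated_risks())
```

Running the block prints one justification per control: A.12.6.1 gets the three highest-scoring risk IDs plus "and 2 other risks ...", A.12.6.2 and A.9.2.3 (with only two and one mapped risks) get a full list, and A.5.1.1 gets None because nothing in the register points at it. The `untreated_risks` check is the reverse view worth running before sign-off: any risk that no control references will not appear in any SoA justification, which is usually a mapping mistake rather than an accepted risk.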
